P. 1
48078120-CCNA-3

48078120-CCNA-3

|Views: 22|Likes:
Published by EngSoonCheah

More info:

Published by: EngSoonCheah on Jun 11, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

11/26/2012

pdf

text

original

This document is exclusive property of Cisco Systems, Inc.

Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Exploration: LAN Switching and Wireless course as part of an official Cisco Networking Academy Program.

PT Activity 1.2.4: Build a Hierarchical Topology (Instructor Version)
Topology Diagram

Learning Objectives
• • Add devices to a topology Connect the devices

Introduction
Packet Tracer is integrated throughout this course. You must know how to navigate the Packet Tracer environment to complete this course. Use the tutorials if you need a review of Packet Tracer fundamentals. The tutorials are located in the Packet Tracer Help menu. This activity focuses on building a hierarchical topology, from the core to the distribution and access layers.

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 1 of 3

CCNA Exploration LAN Switching and Wireless: LAN Design

PT Activity 1.2.4: Build a Hierarchical Topology

Task 1: Add Devices to the Topology
Step 1. Add the missing distribution layer routers and switches. • • The routers you need are located in Custom Made Devices. R1 and R3 are 1841 routers. Ctrlclick the 1841 router to add more than one. Press ESC to cancel. R2 is a 2811 router. Now add the S1, S2, and S3 distribution layer switches using the 2960-24TT model

Step 2. Add the remaining access layer switches. Following the topology diagram, add 2960-24TT switches to complete the rest of the access layer. Remember you can use press Ctrl-click to add multiple devices of the same type. Step 3. Change the display name for each new device. • • • Click a device to open its configuration window. Select the Config tab to access the basic configuration options. In Global Settings under Display Name and Hostname, type the name for the device shown in the topology diagram.

• Repeat the process for all the new devices that you added. Although Packet Tracer does not grade adding the display names, this step must be completed to successfully complete this activity. Step 4. Check results. Your completion percentage should be 14%. If not, click Check Results to see which required components are not yet completed.

Task 2: Connect the Devices
Pay close attention to the topology diagram and the labeled interfaces when connecting the devices. You are graded on the connections. For instance, in the topology diagram switch S1 is connected to R1 through interface Fa0/1 on both sides. This connection is scored on both the cable type and interface designation. Do not use the Smart Connection utility to make these connections because you have no control over which interface is selected. Step 1. Cable the core layer routers to the distribution layer routers. • • • • Using copper crossover cables, connect the core layer routers, C1 and C2, to the distribution layer routers, R1, R2, and R3. C1 connects to both R1 and R2, and C2 connects to both R2 and R3. As with devices, you can Ctrl-click the cable type to make multiple connections without having to re-select the cable. Remember to refer to the topology diagram to determine which interfaces to use for these connections.

Step 2. Cable the distribution layer routers to the access layer switches. Connect the distribution layer routers to the access layer switches using copper straight-through cables. R1 connects to S1, R2 connects to S4, and R3 connects to S7. Step 3. Cable the access layer switches. Connect the access layer switches using copper crossover cables. Follow the topology diagram for the correct connections.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 3

If you wait long enough. When connecting a switch to a PC. Your completion percentage should be 100%. All contents are Copyright © 1992–2007 Cisco Systems.2. Cable the end devices. If not. Why are the link lights for ports between routers and for ports between routers and switches red? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Router interfaces must be manually activated by a network administrator before the ports transition to an active (green) state. Packet Tracer eventually catches up and gives you the full 100%. Check results. Inc.4: Build a Hierarchical Topology Step 4. printers. Connect the remaining end devices (IP phones. Step 6. Notice that the link lights for ports between switches and between a switch and an end device eventually transition from amber to green. This document is Cisco Public Information. PCs.CCNA Exploration LAN Switching and Wireless: LAN Design PT Activity 1. All rights reserved. Step 5. Note: A bug in Packet Tracer may cause your percentage to show only 99% even though all the required components are complete. remember to connect to the Fast Ethernet port of the PC. and servers) to the correct switch using copper straight-through cables. click Check Results to see which required components are not yet completed. Page 3 of 3 . Reflection.

PT Activity 1. and configuring host computers and one Cisco router for basic network connectivity. design an IP addressing scheme that satisfies the following requirements: Subnet Subnet A Subnet B Number of Hosts 110 54 Page 1 of 3 All contents are Copyright © 1992–2007 Cisco Systems.1: Review of Concepts from Exploration 1 (Instructor Version) Topology Diagram Learning Objectives • • • • • Design a logical LAN topology Configure the physical topology Configure the logical topology Verify network connectivity Verify passwords Introduction In this activity. . you will design and configure a small routed network and verify connectivity across multiple network devices. All rights reserved. Design an IP addressing scheme.168. Inc. This requires creating and assigning two subnetwork blocks.3. connecting hosts and network devices. Task 1: Design a Logical LAN Topology Step 1. Given the IP address block of 192.0 /24. This document is Cisco Public Information. Switch1 has a default configuration and does not require additional configuration. The zero subnet is used.7. You will use common commands to test and document the network.

Assign the first usable subnet to Subnet A.7. Step 2. one per line. Router(config)#hostname Router1 Router1(config)#enable secret class Router1(config)#line console 0 Router1(config-line)#password cisco Router1(config-line)#login Router1(config-line)#line vty 0 4 Router1(config-line)#password cisco Router1(config-line)#login Router1(config-line)#int fa0/0 Router1(config-if)#ip address addr sub_mask !Supply your answer from Task 1 Router1(config-if)#ip address 192. Inc. Create the smallest possible subnets that satisfy the requirements for hosts.1. Configure the host computers.7. Configure the static IP address. Host computers will use the first IP address in the subnet. Task 3: Configure the Logical Topology Step 1.168. End with CNTL/Z.7. subnet mask. • • • • Connect Host1 to the Fa0/0 interface on Router1 Connect a console cable between Host1 and Router1 Connect the Fa0/1 interface on Switch1 to the Fa0/1 interface on Router1 Connect Host2 to the Fa0/2 interface on Switch1 Step 2.126 255. Cable the network. Host 1: 192.168.3. Verify the connections visually. This document is Cisco Public Information. verify your IP addresses with the instructor.126 Host 2: 192.CCNA Exploration LAN Switching and Wireless: LAN Design PT Activity 1. The network router will use the last IP address in the subnet.1/25 DG is 192. Before proceeding.129/26 DG is 192. Task 2: Configure the Physical Topology Step 1.190 Step 2. Connect to Router1 through the Terminal connection on Host1.7. All rights reserved.168.168.255. Inspect the network connections. and gateway for each host computer. Page 2 of 3 .168. Router>enable Router#config term Enter configuration commands.128 Router1(config-if)#no shutdown Router1(config-if)#description connection to host1 Router1(config-if)#interface fa0/1 All contents are Copyright © 1992–2007 Cisco Systems.255.1: Review of Concepts from Exploration 1 The 0 subnet is used. Write down the IP address information for each device. No subnet calculators may be used. Configure Router1. Enter the following commands on the router: Remember: Packet Tracer is case sensitive when it grades the description command.

Verify that the enable secret password has been set. enter privilege exec mode and verify it is password protected: Router1>enable Were you prompted for the enable secret password? Task 6: Reflection How are Telnet access and console access different? When might it make sense to set different passwords on these two access ports? Why does the switch between Host2 and the router not require configuration with an IP address to forward packets? All contents are Copyright © 1992–2007 Cisco Systems. type cisco and press Enter.190 .. Task 5: Verify Passwords Step 1. You can verify network connectivity using the ping command. Telnet to the router from Host2 and verify the Telnet password.CCNA Exploration LAN Switching and Wireless: LAN Design PT Activity 1.168. Page 3 of 3 . Use the ping command to verify network connectivity.255. In a command window on Host 2.255.1: Review of Concepts from Exploration 1 Router1(config-if)#description connection to switch1 Router1(config-if)#ip address addr sub_mask !Supply your answer from Task 1 Router1(config-if)#ip address 192. This document is Cisco Public Information.168. type: Packet Tracer PC Command Line 1.7.190 255..3.168.7.192 Router1(config-if)#no shutdown Router1(config-if)#end Router1# Task 4: Verify Network Connectivity Step 1.190 Trying 192.7. From the Telnet session. Step 2. You should be able to telnet to either Fast Ethernet interface of the router. Inc.0 PC>telnet 192. User Access Verification Password: When you are prompted for the Telnet password. All rights reserved.

You will use common commands to test and document the network.0 /27. Given the IP address block of 192. Design an IP addressing scheme. Inc.2: Review of Concepts from Exploration 1 .30. This requires creating and assigning two subnetwork blocks. Switch1 has a default configuration and does not require additional configuration. you will design and configure a small routed network and verify connectivity across multiple network devices. design an IP addressing scheme that satisfies the following requirements: Subnet Subnet A Subnet B Number of Hosts 7 14 All contents are Copyright © 1992–2007 Cisco Systems.3. All rights reserved. This document is Cisco Public Information.168. and configuring host computers and one Cisco router for basic network connectivity. Page 1 of 2 . connecting hosts and network devices.Challenge (Instructor Version) Topology Diagram Learning Objectives • • • • • Design a logical LAN topology Configure the physical topology Configure the logical topology Verify network connectivity Verify passwords Introduction In this activity. Task 1: Design a Logical LAN Topology Step 1. The zero subnet is used.PT Activity 1.

You can verify network connectivity using the ping command.Challenge The 0 subnet is used. All rights reserved. Task 3: Configure the Logical Topology Step 1.2: Review of Concepts from Exploration 1 . Inspect the network connections. Enter the following commands on the router: • • • • • Router name Router1 Secret password class Set console and VTY line passwords to cisco Interface addresses Interface description Fa0/0 text: connection to host1 Fa0/1 text: connection to swtich1 Task 4: Verify Network Connectivity Step 1. Verify that the enable secret password has been set. Page 2 of 2 . Configure the host computers. Host computers will use the first IP address in the subnet. Step 2. The network router will use the last IP address in the subnet. Inc. Write down the IP address information for each device. Cable the network. Step 2. Use the ping command to verify network connectivity. Task 6: Reflection How are Telnet access and console access different? When might it make sense to set different passwords on these two access ports? Why does the switch between Host2 and the router not require configuration with an IP address to forward packets? All contents are Copyright © 1992–2007 Cisco Systems. Create the smallest possible subnets that satisfy the requirements for hosts. Step 2. Task 2: Configure the Physical Topology Step 1. This document is Cisco Public Information. No subnet calculators may be used. Configure Router1.3. Step 2. verify your IP addresses with the instructor. Assign the first usable subnet to Subnet A. Task 5: Verify Passwords Step 1. Before proceeding. Telnet to the router from Host2 and verify the Telnet password.CCNA Exploration LAN Switching and Wireless: LAN Design PT Activity 1.

You will troubleshoot the connectivity problems to determine where the errors are occurring and correct them using the appropriate commands.30.3: Troubleshooting a Small Network (Instructor Version) Topology Diagram Learning Objectives • • Examine the logical LAN topology Troubleshoot network connections Introduction The configuration contains design and configuration errors that conflict with stated requirements and prevent end-to-end communication.16. All rights reserved. Inc. The IP address block of 172. Design an IP addressing scheme.0 /23 is subnetted to meet the following requirements: Subnet Subnet A Subnet B Additional requirements and specifications: • The 0 subnet is used. .PT Activity 1. each host should be able to communicate with all other configured network elements and with the other host. This document is Cisco Public Information. Task 1: Examine the Logical LAN Topology Step 1. Page 1 of 3 Number of Hosts 174 60 All contents are Copyright © 1992–2007 Cisco Systems. When all errors have been corrected.3.

Begin by viewing the summary of status information for each interface on the router.30. All contents are Copyright © 1992–2007 Cisco Systems. The network router uses the last network host address.3: Troubleshooting a Small Network • • • • The smallest possible number of subnets that satisfy the requirements for hosts should be used.254 Subnet B IP mask (decimal) IP address First IP host address Last IP host address 255. Begin troubleshooting at the host connected to the BRANCH router. Assign the first usable subnet to Subnet A. Are there any problems with the status of the interfaces? If there are problems with the status of the interfaces. Are any of the given values incorrect? If yes. Inc.30.16.3.31.1 172.16.255.0 172.255. Based on these requirements. make note of the corrected values.255. Host computers use the first IP address in the subnet. All rights reserved. keeping the largest possible block in reserve for future use.16.31.0 172.128 172.255. is it possible to ping the router fa0/1 interface? From host PC1. Examine the router to find possible configuration errors. Page 2 of 3 . Task 2: Troubleshoot Network Connections Step 1.1 172.30.CCNA Exploration LAN Design PT Activity 1. the following addressing requirements have been provided to you: Subnet A IP mask (decimal) IP address First IP host address Last IP host address 255. is it possible to ping the default gateway? From host PC1. is it possible to ping PC2? From host PC1. record any commands that are necessary to correct the configuration errors.0 172.16.16.31. From host PC1.126 Examine each of the values in the tables above and verify that this topology meets all requirements and specifications. This document is Cisco Public Information.16. is it possible to ping itself? Where is the most logical place to begin troubleshooting the PC1 connection problems? Step 2.

This document is Cisco Public Information. Page 3 of 3 . Examine the full status of Fa 0/0 and 0/1.CCNA Exploration LAN Design PT Activity 1.3. Inc. record any commands that are necessary to correct the router configuration. All rights reserved. Step 4. Verify the logical configuration. Does the information in the interface status summary indicate any configuration errors on Router1? If the answer is yes. Use the necessary commands to correct the router configuration. If any changes were made to the configuration in the previous step. view the summary of the status information for the router interfaces. troubleshoot the interface status of the interfaces. Has connectivity been restored? Why is it useful for a host to ping its own address? All contents are Copyright © 1992–2007 Cisco Systems.3: Troubleshooting a Small Network Step 3. View a summary of the status information. Has connectivity been restored? Step 5. Is the IP addresses and subnet mask information in the interface status consistent with the configuration table? If there are differences between the configuration table and the router interface configuration.

You must know how to All contents are Copyright © 1992–2007 Cisco Systems.255.255. You should review those skills before proceeding.1 192. In addition.255.1.1.190 Subnet Mask 255.1.1.168.255.255.255.255.128 225.128 225.1 192.128 255.255.168.168. The skills include subnetting. Inc. Page 1 of 3 .255. All rights reserved.255.168.255. This document is Cisco Public Information. building a network.168.1 192.1: Packet Tracer Skills Integration Challenge (Instructor Version) Topology Diagram Addressing Table Device R1 PC1 PC2 Laser Server Interface Fa0/0 Fa0/1 NIC NIC NIC NIC IP Address 192.PT Activity 1.168.192 225.192 255.168.129 Learning Objectives • • • • Design the network Build the network Apply a basic configuration Test connectivity Introduction This activity reviews the skills you acquired in the Exploration: Network Fundamentals course. this activity reviews the basics of using the Packet Tracer program.168.129 192. and testing connectivity.192 Default Gateway N/A N/A 192.129 192.255.130 192. Packet Tracer is integrated throughout this course. applying an addressing scheme.1.1.1.1.126 192.2 192.168.1.1.4.168.

Assign the server the last useable IP address in the subnet. Step 3. refer to the topology diagram.1.0/24 address space. Change the Display Name and Hostname to match the device names shown in the topology diagram. Inc. All rights reserved. Subnet B • • • • Subnet the remaining address space to provide for 50 hosts Assign the Fa0/1 interface the first useable IP address.CCNA Exploration LAN Switching and Wireless: LAN Design PT Activity 1. Assign PC1 the second useable IP address. Use the following specifications for the connections between the devices: • • • • S1 Fa0/1 to R1 Fa0/0 S1 Fa0/6 to PC1 S1 Fa0/12 to PC2 S2 Fa0/1 to R1 Fa0/1 Page 2 of 3 All contents are Copyright © 1992–2007 Cisco Systems. Add the following devices to the network. Document the addressing scheme. Design an addressing scheme.4. Name the devices. Task 1: Design and Document an Addressing Scheme Step 1. For placement of these devices. Use the tutorials if you need a review of Packet Tracer fundamentals. Complete an addressing table for the router and each end device in the network. design an addressing scheme according to the following requirements: Subnet A • • • Subnet the address space to provide for 100 hosts Assign the Fa0/0 interface the first useable IP address. Assign the laser printer the second useable IP address. Task 2: Add and Connect the Devices Step 1. • Assign PC2 the last useable IP address in the subnet. Add the necessary equipment.1: Packet Tracer Skills Integration Challenge navigate the Packet Tracer environment to complete this course. Using the 192. The tutorials are located in the Packet Tracer Help menu. . Step 2. Device names are case-sensitive. Connect the devices.168. This document is Cisco Public Information. • • • • • Two 2960-24TT switches One 1841 router Two generic PCs One generic server One generic printer Step 2.

• • • • The privileged EXEC secret password is class. Task 4: Test Connectivity and Examine the Configuration You should now have end-to-end connectivity. and the IP addresses.4. Configure the appropriate interfaces. All rights reserved. If you still receive an error. From PC1 and PC2. try pinging again to make sure ARP tables are updated.CCNA Exploration LAN Switching and Wireless: LAN Design PT Activity 1. ping all end devices on the network. which means every end device should be reachable from any other end device. If you get an error. click Check Results to see which required components are not yet completed. the cables. Use the following descriptions: Link to PC LAN Link to Server & Printer Note: Remember that the banner and descriptions are case-sensitive. This document is Cisco Public Information. Isolate problems and implement solutions. Task 3: Apply Basic Configurations Step 1. Your completion percentage should be 100%. Page 3 of 3 . click Check Results to see which required components are not yet completed. Step 3. Check results. If not. Do not forget to activate the interfaces. The banner is Authorized Access Only. Step 2. The line password is cisco for console and telnet. If not. All contents are Copyright © 1992–2007 Cisco Systems. Check results. Configure the router.1: Packet Tracer Skills Integration Challenge • • S2 Fa0/6 to Laser S2 Fa0/12 to Server Step 4. Your completion percentage should be 46%. check your subnetting. Configure the end devices. Inc.

Inc.21 172.8: Configuring Basic Switch Management (Instructor Version) Topology Diagram Addressing Table Device S1 PC1 Server Interface VLAN99 NIC NIC IP Address 172.31 Subnet Mask 255. This document is Cisco Public Information. All rights reserved.17. Page 1 of 8 .255.255.17.255.17.PT Activity 2.255.255.0 255.99.3.11 172.99.0 255.99.255.0 Learning Objectives • • • • • • • • • Connect to the switch using a console connection Navigate through various CLI modes Use the Help Facility to configure the clock Access and configure command history Configure the boot sequence Configure a PC and connect it to a switch Configure full duplex Manage the MAC address table Manage the switch configuration file All contents are Copyright © 1992–2007 Cisco Systems.

This document is Cisco Public Information. accessing the command history. the available commands are limited to basic monitoring commands. Switch(config)#hostname S1 All contents are Copyright © 1992–2007 Cisco Systems.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Your completion percentage should be 6%. Step 4: Change to global configuration mode. Task 2: Navigate Through CLI Modes Step 1: In user EXEC mode. Step 6: Configure S1 as the hostname. Note the list of available commands. Keep these default settings for Terminal Configuration and then click OK: Bits Per Second = 9600 Data Bits = 8 Parity = None Stop Bits = 1 Flow Control = None • You are now consoled into S1. configuration and management commands can now be accessed. Note the list of available commands. setting speed and duplex settings. Switch#configure terminal Switch(config)# Step 5: In global configuration mode. Skills learned in this activity are necessary for configuring basic switch security in later chapters. All rights reserved. as well as managing the MAC address table and switch configuration file. In addition to the basic monitoring commands. Step 3: In privileged EXEC mode. Page 2 of 8 . There are now more available commands compared to user EXEC mode.3. Note the list of available commands. Step 2: Check results. Click PC1 and then click the Desktop tab. This activity focuses on navigating command-line interface modes. using help functions. Press Enter to get the Switch prompt. click Check Results to see which required components are not yet completed. Step 2: Use the enable command to go to privileged EXEC mode. Select Terminal in the Desktop tab. Task 1: Connect to the Switch Step 1: Connect S1 and PC1. connect the RS 232 interface on PC1 to the console interface on switch S1. type ?. Switch>enable Switch# The prompt changes from > to #.8: Configuring Basic Switch Management Introduction Basic switch management is the foundation for configuring switches. While in user EXEC mode. If not. type ?. type ?. • • • Using a console cable. configuring boot sequence parameters. Inc.

Note the list of available commands. issue the switchport access vlan 99 command. Page 3 of 8 . To allow the Fa0/18 interface to act as a member of VLAN 99. S1(config-line)#password cisco S1(config-line)#login Step 16: Return to privileged EXEC mode using the end command. All rights reserved. To allow for frames to be sent and received from the interface. Step 15: Enter cisco as the password and require users to login.255.255. S1(config-if)#switchport access vlan 99 Step 12: Exit interface configuration mode.8: Configuring Basic Switch Management S1(config)# Step 7: Change to interface configuration mode for VLAN99. S1(config-line)#end S1# All contents are Copyright © 1992–2007 Cisco Systems. Issue the exit command to leave interface configuration mode and enter global configuration mode. S1(config)#line console 0 S1(config-line)# Step 14: In line configuration mode.99. change the switching mode to access using the switchport mode access command.0 S1(config-if)#no shutdown Step 9: Change to interface configuration mode for Fa0/18.11/24 and activate the interface. Inc. Step 13: Enter configuration mode for the console line. S1(config)#interface vlan 99 S1(config-if)# Step 8: Configure VLAN99 with 172.3. S1(config-if)#interface fa0/18 S1(config-if)# Step 10: Set the port mode to access. type ?. This document is Cisco Public Information. The interface vlan 99 command creates the interface and changes to interface configuration mode for VLAN99. S1(config-if)#switchport mode access Step 11: Assign VLAN99 to the port.11 255.17. S1(config-if)#ip address 172. Use the ip address and no shutdown commands to assign the correct IP address/subnet mask and activate the interface.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2.99.17.

All rights reserved. S1(config)#line console 0 S1(config-line)#history size 35 S1(config-line)#line vty 0 4 S1(config-line)#history size 35 All contents are Copyright © 1992–2007 Cisco Systems. Completion is still at 31% at the end of this Task. You are warned with a % Incomplete command message if the clock command is not fully entered with all the required arguments.3. issue the show clock command. This document is Cisco Public Information. Task 3: Use Help Facility to Configure the Clock Step 1: At the privileged EXEC command prompt. Step 3: Verify that the clock is set. Inc. Issue the show history command. To verify that the clock is set.8: Configuring Basic Switch Management Step 17: Check results. Remember how many commands are listed. Task 4: Access and Configure Command History Step 1: View the most recent commands entered. Your completion percentage should be 31%. S1#clock ? The only option is set. S1#show history Step 2: Change the number of commands stored in the history buffer. Note: Packet Tracer does not always show the correct time configured. Step 2: Use Help to assist setting the clock to the current time. type clock ?. If not. click Check Results to see which required components are not yet completed. S1#clock ? set Set the time and date S1#clock set ? hh:mm:ss Current Time S1#clock set 12:12:12 ? <1-31> Day of the month MONTH Month of the year Continue issuing the ? command until you have completed configuring the clock. Set the number of commands held in the history buffer to 35. Enter line configuration mode for both the console and Telnet lines.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Page 4 of 8 .

S1#show flash Directory of flash:/ 3 2 6 -rw-rw-rw4414921 4670455 616 <no date> <no date> <no date> c2960-lanbase-mz. Task 6: Configure a PC and Connect it to a Switch Step 1: Configure PC1 with the IP address/subnet mask 172. All rights reserved. . so completion remains at 50% at the end of this task.99. RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by Cisco Systems. Compiled Wed 12-Oct-05 22:05 by pt_team <output omitted> The version is listed in the first line. the switch still loads the first image listed in flash.17.122-25. Step 2: Check which Cisco IOS images are loaded in flash memory.2(25)FX. In global configuration mode.122-25. Step 3: Configure the system to boot using a different Cisco IOS image.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Step 4: Check results.17.bin c2960-lanbase-mz. The version that is currently loaded is c2960-lanbasemz. If not.8: Configuring Basic Switch Management Step 3: Verify that the size of the history buffer has changed. Version 12.21 and subnet mask to 255.bin. Click IP Configuration and set the IP address to 172. Inc.21/24. S1#show version Cisco IOS Software. issue this command.SEE1.bin Note: Although you can enter this command in Packet Tracer. click Check Results to see which required components are not yet completed.122-25. S1(config)#boot system flash:/c2960-lanbase-mz.dat 32514048 bytes total (23428056 bytes free) S1# Note that there are two versions in flash memory. • • Exit the terminal to return to the Desktop tab.255. Inc. Your completion percentage should be 50%.122-25.SEE1.255. This document is Cisco Public Information.bin vlan.FX.3. Task 5: Configure the Boot Sequence Step 1: Check which Cisco IOS software version is currently loaded. C2960 Software (C2960-LANBASE-M). Return to privileged EXEC mode and issue the show history command again.0 Page 5 of 8 All contents are Copyright © 1992–2007 Cisco Systems. Packet Tracer does not grade the boot system command on switches.99. There should be more commands displayed than previously.FX.

3EDD. the switch always knows which port to use to send out traffic destined for the server. Task 8: Manage the MAC Address Table Step 1: Check the MAC address of the server. Inc. Your completion percentage should be 69%. but it should be successful. Click the Server. Your completion percentage should be 81%.19A3 vlan 99 int fa0/24 Step 3: Verify that the static MAC address is now in the MAC address table. Task 7: Configure Duplex and Speed Step 1: Use the Config tab change the settings. Issue a ping from S1 to PC1. S1#show mac-address-table Mac Address Table ------------------------------------------Vlan Mac Address Type Ports Page 6 of 8 All contents are Copyright © 1992–2007 Cisco Systems. If not.19A3. . All rights reserved. and then configure the interface. Set the bandwidth of the FastEthernet interface to 100 Mbps and Full Duplex. S1(config)#interface fa0/18 S1(config-if)#duplex full S1(config-if)#speed 100 Step 3: Test connectivity between S1 and PC1. Return to the desktop and select Terminal.8: Configuring Basic Switch Management Step 2: Connect PC1 to Fa0/18 on the switch. Step 3: Test connectivity between S1 and PC1. If not. and then FastEthernet. Ping between S1 and PC1.3. By configuring a static MAC for the TFTP server. Step 4: Check results. On PC1. click Check Results to see which required components are not yet completed. Step 2: Configure static MAC for the TFTP server. Using the copper straight-through cable. The MAC Address is 0060. It may take a few attempts. connect the FastEthernet port of the PC to the Fa0/18 port on the switch. It may take a few attempts. click Check Results to see which required components are not yet completed. In global configuration mode on S1. select the Config tab.3EDD. Step 2: Use Cisco IOS commands to set Fa0/18. This document is Cisco Public Information. but it should be successful. add the MAC address to the addressing table of the switch: S1(config)#mac-address-table static 0060.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Step 4: Check results. then the Config tab.

Step 5: Back up the startup configuration to the server.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2.8: Configuring Basic Switch Management ---99 99 S1# ----------0060. Assigning VLAN99 to the port allows the Fa0/24 interface to act as a member of VLAN 99. It may take a few attempts. When you are prompted for the address of the remote host. connect the FastEthernet port on the server to the Fa0/24 port on the switch. This document is Cisco Public Information. Page 7 of 8 . All rights reserved.3edd.99. However. but it should be successful. use the default filename by pressing Enter. Inc. For the destination filename. Issue a ping from S1 to PC1. Step 4: Test connectivity between S1 and PC1. Step 3: Assign VLAN99 to the port. This entry may or may not be in your table depending on how long it has been since you pinged from PC1 to S1. This command is needed to allow the switch to know where to send traffic destined for the server. Ping the server from S1. S1#copy startup-config tftp: Address or name of remote host []? 172. the command is needed to change the interface from its default mode to access mode. 172.17. copy the startup configuration to the sever.31. but the command should be successful. It may take a few attempts. S1#configure terminal S1(config)#interface fa0/24 S1(config-if)# Step 2: Set the port mode to access.19a3 0060. Setting the port mode to access allows frames to be sent and received from the interface. Task 9: Manage the Switch Configuration File Using a copper straight-through cable. In privileged EXEC mode. S1(config-if)#switchport mode access Note: Packet Tracer does not grade the switchport mode access command.99.3.cd23 -------STATIC DYNAMIC ----Fa0/24 Fa0/18 Notice how the MAC address from PC1 was added dynamically. Completion is still at 81% at the end of this task.5c5b.17. enter IP address of the server. Step 1: Enter interface configuration mode for Fa0/24.31 Destination filename [S1-confg]? [Enter] All contents are Copyright © 1992–2007 Cisco Systems. Packet Tracer does not grade this command. S1(config-if)#switchport access vlan 99 Step 4: Verify S1 can ping the server.

click the server and then click the Config tab. then TFTP. To determine if the startup configuration was successfully transferred to the server. Inc. All contents are Copyright © 1992–2007 Cisco Systems. The S1-confg files should be the last one listed.3. If not. Note: Restoring the startup from the server is not fully simulated in Packet Tracer. Click Server. Note to Instructors: If you are grading this activity. click Check Results to see which required components are not yet completed.8: Configuring Basic Switch Management Step 6: Verify that the server has the startup configuration.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Your completion percentage should be 100%. then Config tab. All rights reserved. The S1-confg file should be listed under Services and TFTP. Page 8 of 8 . Step 7: Check results. This document is Cisco Public Information. verify that the Server has the S1-confg file.

7: Configure Switch Security (Instructor Version) Topology Diagram Addressing Table Device S1 PC1 PC2 Interface VLAN99 NIC NIC IP Address 172. All rights reserved. Page 1 of 6 .17.99. This document is Cisco Public Information. Keep these default settings for Terminal Configuration and then click OK: Bits Per Second = 9600 Data Bits = 8 Parity = None All contents are Copyright © 1992–2007 Cisco Systems. access the console connection to S1.0 255.11 172.17.99.4.99.17.255.PT Activity 2.21 172.0 Learning Objectives • • • • Configure basic switch management Configure dynamic port security Test dynamic port security Secure unused ports Task 1: Configure Basic Switch Management Step 1: From PC1.255. Inc.0 255. • • Click PC1 and then the Desktop tab.32 Subnet Mask 255. Select Terminal in the Desktop tab.255.255.255.255.

including some of the unencrypted passwords! For those reasons. Page 2 of 6 . All rights reserved. Repeat the process with the vty lines. To access privileged EXEC mode. Inc. Use the line vty 0 15 command to access the correct prompt. Step 3: Change to global configuration mode and configure the privileged EXEC password. End with CNTL/Z.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Use the password command to configure the console and vty lines with cisco as the password. type the enable command. For this activity. Then enter the login command. Use the enable secret command to set the password. Even the basic user EXEC mode can provide significant information to a malicious user. Why is the lack of a privileged EXEC mode password a security threat? ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Privileged EXEC mode allows any user enabling that mode on a Cisco switch to configure any option available on the switch. Step 4: Configure virtual terminal and console passwords and require users to login. S1(config)#enable secret class S1(config)# Note: PT will not grade the enable secret command. Press Enter to get the Switch prompt. This document is Cisco Public Information. • Type the exit command to return to the global configuration prompt. the vty lines must have a password before users can access the switch remotely. Note: PT will not grade the password cisco command in this case.7: Configure Switch Security Stop Bits = 1 Flow Control = None • You are now consoled into S1. • • While in privileged EXEC mode. • • • • Access the console prompt using the line console 0 command. you can access global configuration mode by using the configure terminal command. S1>enable S1# Notice how you were able to enter privileged EXEC mode without providing a password. The prompt changes from > to #. set the password to class. Step 2: Change to privileged EXEC mode. In addition. A password should be required to access the console line. it is important to secure access to privileged EXEC mode. one per line.4. S1#configure terminal Enter configuration commands. You can also view all the currently configured settings on the switch. S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#line vty 0 15 S1(config-line)#password cisco S1(config-line)#login All contents are Copyright © 1992–2007 Cisco Systems. which requires users to enter a password before gaining access to user EXEC mode.

All contents are Copyright © 1992–2007 Cisco Systems. S1(config)#service password-encryption S1(config)# Step 6: Configure and test the MOTD banner. S1(config)#banner motd &Authorized Access Only& S1(config)#end [or exit] S1#exit S1 con0 is now available Press RETURN to get started. S1>enable Password: [class] !Note: Password does not display as you type. The privileged EXEC password is already encrypted. The delimiting character used in the example below is &. Make sure you do not add any spaces before or after the banner text. [Enter] Authorized Access Only User Access Verification Password: • • The password prompt now requires a password to enter user EXEC mode. After you have configured the MOTD. enter the service password-encryption command in global configuration mode. log out of the switch to verify that the banner displays when you log back in.4. All rights reserved.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Use a delimiting character before and after the banner text to indicate where the text begins and ends. click Check Results to see which required components are not yet completed. but you can use any character that is not used in the banner text. This document is Cisco Public Information. End with CNTL/Z. Inc. S1(config)# Step 7: Check results. S1#configure terminal Enter configuration commands. If not. one per line. To encrypt the line passwords that you just configured. Page 3 of 6 . Configure the message-of-the-day (MOTD) using Authorized Access Only as the text. Enter the password cisco. Password: [cisco] !Note: Password does not display as you type. The banner text is case sensitive. Your completion percentage should be 40%.7: Configure Switch Security S1(config-line)#exit S1(config)# Step 5: Configure password encryption. Enter privileged EXEC mode with the password class and return to global configuration mode with the configure terminal command.

CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration

PT Activity 2.4.7: Configure Switch Security

Task 2: Configure Dynamic Port Security
Step 1: Enable VLAN99. Packet Tracer opens with the VLAN 99 interface in the down state, which is not how an actual switch operates. You must enable VLAN 99 with the no shutdown command before the interface becomes active in Packet Tracer. S1(config)#interface vlan 99 S1(config-if)#no shutdown Step 2: Enter interface configuration mode for FastEthernet 0/18 and enable port security. Before any other port security commands can be configured on the interface, port security must be enabled. S1(config-if)#interface fa0/18 S1(config-if)#switchport port-security Notice that you do not have to exit back to global configuration mode before entering interface configuration mode for fa0/18. Step 3: Configure the maximum number of MAC addresses. To configure the port to learn only one MAC address, set the maximum to 1: S1(config-if)#switchport port-security maximum 1 Note: PT does not grade the switchport port-security maximum 1 command, however this command is vital in configuring port security. Step 4: Configure the port to add the MAC address to the running configuration. The MAC address learned on the port can be added to (“stuck” to) the running configuration for that port. S1(config-if)#switchport port-security mac-address sticky Note: PT does not grade the switchport port-security mac-address sticky command, however this command is vital in configuring port security. Step 5: Configure the port to automatically shut down if port security is violated. If you do not configure the following command, S1 only logs the violation in the port security statistics but does not shut down the port. S1(config-if)#switchport port-security violation shutdown Note: PT does not grade the switchport port-security violation shutdown command, however this command is vital in configuring port security. Step 6: Confirm that S1 has learned the MAC address for PC1. Ping from PC1 to S1. Confirm that S1 now has static MAC address entry for PC1 in the MAC table: S1#show mac-address-table Mac Address Table ------------------------------------------Vlan ---99 Mac Address ----------0060.5c5b.cd23 Type -------STATIC Ports ----Fa0/18
Page 4 of 6

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration

PT Activity 2.4.7: Configure Switch Security

The MAC address is now “stuck” to the running configuration. S1#show running-config <output omitted> interface FastEthernet0/18 switchport access vlan 99 switchport mode access switchport port-security switchport port-security mac-address sticky switchport port-security mac-address sticky 0060.5C5B.CD23 <output omitted> S1# Step 7: Check results. Your completion percentage should be 70%. If not, click Check Results to see which required components are not yet completed.

Task 3: Test Dynamic Port Security
Step 1: Remove the connection between PC1 and S1 and connect PC2 to S1. • • To test port security, delete the Ethernet connection between PC1 and S1. If you accidentally delete the console cable connection, simply reconnect it. Connect PC2 to Fa0/18 on S1. Wait for the amber link light to turn green and then ping from PC2 to S1. The port should then automatically shut down.

Step 2: Verify that port security is the reason the port is shut down. To verify that port security has shut the port down, enter the command show interface fa0/18. S1#show interface fa0/18 FastEthernet0/18 is down, line protocol is down (err-disabled) Hardware is Lance, address is 0090.213e.5712 (bia 0090.213e.5712) <output omitted> The line protocol is down because of an error (err) of accepting a frame with a different MAC address than the learned MAC address, so the Cisco IOS software shut down (disabled) the port. You can also verify a security violation with the show port-security interface fa0/18 command. S1#show port-security interface fa0/18 Port Security : Enabled Port Status : Secure-shutdown Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 1 Sticky MAC Addresses : 0 Last Source Address:Vlan : 00E0.F7B0.086E:99 Security Violation Count : 1 Notice that the Port Status is secure-shutdown, and the security violation count is 1. Step 3: Restore the connection between PC1 and S1 and reset port security.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 6

CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration

PT Activity 2.4.7: Configure Switch Security

Remove the connection between PC2 and S1. Reconnect PC1 to the Fa0/18 port on S1. Notice that the port is still down even though you reconnected the PC that is allowed on the port. A port that is in the down state because of a security violation must be manually reactivated. Shut down the port and then activate it with no shutdown. S1#config t Enter configuration commands, one per line. End with CNTL/Z. S1(config)#interface fa0/18 S1(config-if)#shutdown %LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down S1(config-if)#no shutdown %LINK-5-CHANGED: Interface FastEthernet0/18, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/18, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up S1(config-if)#exit S1(config)# Step 4: Test connectivity by pinging S1 from PC1. The ping from PC1 to S1 should be successful. Your completion percentage should still be 70% at the end of this task.

Task 4: Secure Unused Ports
A simple method many administrators use to help secure their network from unauthorized access is to disable all unused ports on a network switch. Step 1: Disable interface Fa0/17 on S1. Enter interface configuration mode for FastEthernet 0/17 and shut down the port. S1(config)#interface fa0/17 S1(config-if)#shutdown Step 2: Test the port by connecting PC2 to Fa0/17 on S1. Connect PC2 to the Fa0/17 interface on S1. Notice that the link lights are red. PC2 does not have access to the network. Step 3: Check results. Your completion percentage should be 100%. If not, click Check Results to see which required components are not yet completed.

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 6 of 6

All rights reserved.11 172.99. there are a number of parameters that a network administrator should modify to ensure a secure and optimized LAN.255.255.17.17. All contents are Copyright © 1992–2007 Cisco Systems.0 255. you will examine and configure a standalone LAN switch.99.99.99.5.1: Basic Switch Configuration (Instructor version) Topology Addressing Table Device PC1 PC2 S1 Interface NIC NIC VLAN99 IP Address 172. Page 1 of 10 . Inc.99.11 Subnet Mask 255.0 Default Gateway 172.17.255.17. Although a switch performs basic functions in its default out-of-the-box condition.11 172.17.22 172.1 Learning Objectives • • • • • Clear an existing configuration on a switch Verify the default switch configuration Create a basic switch configuration Manage the MAC address table Configure port security Introduction In this activity.0 255.21 172.255.17. This document is Cisco Public Information.99.PT Activity 2.255.255. This activity introduces you to the basics of switch configuration.

Switch#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [Enter] [OK] Erase of nvram: complete Step 4.1: Basic Switch Configuration Task 1: Clear an Existing Configuration on a Switch Step 1.5. issue the command delete flash:vlan. Fa0/3. Fa0/14. Verify that the VLAN configuration was deleted using the show vlan command.----------------------------1 default active Fa0/1. Fa0/6. Fa0/22. Remove the VLAN database information file. Remove the switch startup configuration file from NVRAM. Click S1 and then the CLI tab. Switch>enable Switch# Step 2.dat Switch#delete flash:vlan. Fa0/2. Switch#show vlan brief VLAN Name Status Ports ---. Fa0/20 Fa0/21. Reload the switch. Switch#reload Proceed with reload? [confirm] [Enter] %SYS-5-RELOAD: Reload requested by console.dat in flash. Fa0/10.dat? [confirm] [Enter] Step 3. Fa0/19.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Verify the VLAN information was deleted. This document is Cisco Public Information. Fa0/16 Fa0/17. enter the reload command to begin the process. Fa0/7. Inc.dat Delete filename [vlan. All rights reserved. Fa0/8 Fa0/9. Reload Reason: Reload Command.-----------------------------. Step 5. VLAN database information is stored separately from the configuration files in vlan. Issue the enable command to enter the privileged EXEC mode.dat]? [Enter] Delete flash:vlan. At the privileged EXEC mode prompt. Page 2 of 10 . <output omitted> All contents are Copyright © 1992–2007 Cisco Systems. Fa0/15. Fa0/24 10 VLAN10 active 30 VLAN30 active 1002 fddi-default active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active The VLAN information is still on the switch. Follow the next step to clear it.--------. To remove the VLAN file. Fa0/18. Fa0/12 Fa0/13. Fa0/23. Fa0/4 Fa0/5. Enter privileged EXEC mode by typing the enable command. Fa0/11.

You can access all the switch commands in privileged mode.2(25)SEE3 (may vary) What is the system image filename? ________________________________________C2960LANBASE-M (may vary) What is the base MAC address of this switch? _________________________________varies All contents are Copyright © 1992–2007 Cisco Systems. Step 2.5. as well as the configure command through which access to the remaining command modes are gained. The privileged command set includes those commands contained in user EXEC mode. All rights reserved. line protocol is down Internet protocol processing disabled Step 3. Why does the switch give this response? ______________________________________________________________________ No configuration has been saved to NVRAM yet. Examine the current running configuration by issuing the show running-config command. because many of the privileged commands configure operating parameters. 5-15 Examine the current contents of NVRAM by issuing the show startup-config command. A switch fresh out of the box would not have been pre-configured. Display Cisco IOS information. Switch>enable Switch# Notice that the prompt changed in the configuration to reflect privileged EXEC mode. How many Fast Ethernet interfaces does the switch have? _______________________24 How many Gigabit Ethernet interfaces does the switch have? _____________________2 What is the range of values shown for the vty lines? ____________________________0-4. Examine the characteristics of the virtual interface VLAN1 by issuing the command show interface vlan1. This document is Cisco Public Information.1: Basic Switch Configuration Press RETURN to get started! [Enter] Switch> Task 2: Verify the Default Switch Configuration Step 1. Enter privileged mode. Display Cisco IOS information using the show version command. However. Page 3 of 10 . privileged access should be password-protected to prevent unauthorized use. If the switch has been configured and not erased. What output do you see? _________________________________________________________ Vlan1 is administratively down.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Is there an IP address set on the switch? __________________________________no What is the MAC address of this virtual switch interface? ______________________varies Is this interface up? ___________________________________________________administratively down. Inc. the startup configuration will be shown. protocol down Now view the IP properties of the interface using the show ip interface vlan1. Examine the current switch configuration. What is the Cisco IOS version that the switch is running? _______________________12.

Examine the default VLAN settings of the switch using the show vlan command.4412 (bia 0060. Examine VLAN information. To save the contents of the running configuration file to non-volatile RAM (NVRAM). reliability 255/255. rxload 1/255 Encapsulation ARPA. Earlier in step 2 you saw that the startup configuration file did not exist. Examine the Fast Ethernet interfaces. Switch#show interface fastethernet 0/18 FastEthernet0/18 is up. txload 1/255. Switch(config)#hostname S1 S1(config)#exit S1# End with CNTL/Z. Gig1/2 Is VLAN 1 active? _________________________________________________yes What type of VLAN is the default VLAN? ______________________________enet (Ethernet) Step 6. one per line. Issue either one of the commands to examine the contents of the flash directory. Fa0/1 – Fa0/24. Make one configuration change to the switch and then save it. 100Mb/s Step 5. issue the the command copy running-config startup-config.5c36.1: Basic Switch Configuration Step 4.5. loopback not set Keepalive set (10 sec) Full-duplex.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. address is 0060.5c36. DLY 1000 usec. Which files or directories are found? ____________________________________________________________________________________ c2960-lanbase-mz. Examine the default properties of the Fast Ethernet interface used by PC1 using the show interface fastethernet 0/18 command.4412) MTU 1500 bytes. Examine and save the startup configuration file. Examine flash memory.FX. BW 100000 Kbit. Switch#copy running-config startup-config Destination filename [startup-config]? [enter] All contents are Copyright © 1992–2007 Cisco Systems. There are two commands to examine flash memory. Type the following commands: Switch#configure terminal Enter configuration commands.122-25. What is the name of VLAN 1? ________________________________default Which ports are in this VLAN? __________________________all ports. This document is Cisco Public Information. dir flash: or show flash. 100Mb/s <Output Omitted> Is the interface up or down? ______________________________________ Should be up unless there is a cabling problem What event would make an interface go up? _________________________connecting a host or other device What is the MAC address of the interface? __________________________varies What is the speed and duplex setting of the interface? _________________Full-duplex. Inc.bin Step 7. Page 4 of 10 . line protocol is up (connected) Hardware is Lance. All rights reserved. Gig1/1.

. Assign ports to the switch VLAN. Enter the configuration commands. Configure the Layer 3 address of the switch. Inc. Notice that the command line prompt changes to reflect the current prompt and switch name.255.17. Set the login password to cisco. S1#configure terminal S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#line vty 0 15 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#exit S1(config)# Why is the login command required? _____________________________________________________ Without the login command. Enter global configuration mode. This document is Cisco Public Information.99. 0/8. Step 3.255. Page 5 of 10 . Here's a review of the commands used. S1#configure terminal S1(config)#hostname S1 S1(config)#exit Step 2.255. S1(config)#vlan 99 S1(config-vlan)#exit S1(config)#interface vlan99 S1(config-if)#ip address 172.0 S1(config-if)#no shutdown S1(config-if)#exit Step 5. Set the access passwords.1: Basic Switch Configuration Building configuration.. Also configure the vty lines 0 to 15 with the password cisco. Set the command mode passwords. Task 3: Create a Basic Switch Configuration Step 1. you configured the hostname. the switch will not require that a password be entered. All rights reserved.11 255. In the last step of the previous task.99. S1(config)#enable secret class Step 4. Enter config-line mode for the console. Set the enable secret password to class. Configuration mode allows you to manage the switch.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2.255. one on each line. Set the IP address of the switch to 172. S1(config)#interface fa0/1 S1(config-if)#switchport access vlan 99 All contents are Copyright © 1992–2007 Cisco Systems. [OK] Now display the contents of NVRAM. The VLAN must first be created on the switch before the address can be assigned. Assign Fastethernet 0/1.0 on the internal virtual interface VLAN 99. The current configuration has been written to NVRAM.11 with a subnet mask of 255. and 0/18 to ports to VLAN 99.5.17. Assign a name to the switch.

To verify the host and switch are correctly configured. Total output drops: 0 Queueing strategy: fifo <Output Omitted> What is the bandwidth on this interface? ______________________________ BW 1000000 Kbit What is the queuing strategy? ____________________fifo Step 8. reliability 255/255.11. Step 9. because the path must be determined at Layer three. All rights reserved.1eb8) Internet address is 172.0. Set the switch default gateway.47ac. Use the end command to return to privileged EXEC mode when finished. Verify the management LANs settings. S1 is a layer 2 switch. BW 100000 Kbit.1 S1(config)#exit Step 7.17.1. you need to specify how the switch forwards the internetwork frames.11/24 MTU 1500 bytes. so it makes forwarding decisions based on the Layer 2 header. Verify connectivity.21.1eb8 (bia 0060. Configure the IP address and default gateway for PC1. This document is Cisco Public Information.17.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2.17. address is 0060. output never. loopback not set ARP type: ARPA.99. Although this activity does not include an external IP gateway. Assuming that the LAN interface on the router is 172. with a subnet mask of 255. Configure a default gateway of 172.99.99. If the ping is not successful.47ac. troubleshoot the switch and host configuration. S1#configure terminal S1(config)#interface fastethernet 0/18 S1(config-if)#speed 100 S1(config-if)#duplex full S1(config-if)#end All contents are Copyright © 1992–2007 Cisco Systems. Page 6 of 10 . Click PC1 and its Desktop tab then IP configuration to input the addressing parameters. txload 1/255. Verify the interface settings on VLAN 99 with the show interface vlan 99 command.255. DLY 1000000 usec. S1(config)#ip default-gateway 172. Inc.1: Basic Switch Configuration S1(config-if)#exit Step 6.255.99. Note that this may take a couple of tries for the pings to succeed. If multiple networks are connected to a switch. line protocol is up Hardware is CPU Interface. Configure the duplex and speed settings on Fast Ethernet 0/18. ARP Timeout 04:00:00 Last input 21:40:21. Configure the port speed and duplex settings for a Fast Ethernet interface. This is done by specifying a default gateway address that points to a router or Layer 3 switch. Set the IP address of PC1 to 172. assume that you will eventually connect the LAN to a router for external access. output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes).5. S1#show interface vlan 99 Vlan99 is up.17. Step 10.99.17. ping the switch from PC1. set the default gateway for the switch. rxload 1/255 Encapsulation ARPA.

Page 7 of 10 . S1#copy running-config startup-config Destination filename [startup-config]?[Enter] Building configuration. Determine the MAC addresses that the switch has learned. issue the show startup-config command from privileged EXEC (enable mode). ping from PC1 to S1 then check again. BW 100000 Kbit. All rights reserved. Are all the changes that were entered recorded in the file? Task 4: Managing the MAC Address Table Step 1. rxload 1/255 Encapsulation ARPA. Click Command Prompt. address is 0060.4412) MTU 1500 bytes. line protocol is up (connected) Hardware is Lance. so it automatically negotiates optimal settings. 100Mb/s <Output omitted> Step 11. which can significantly degrade performance. Type ipconfig /all Step 2. Determine and record the Layer 2 (physical) addresses of the PC network interface cards using the following steps: • • • • Click the PC. S1#show mac-address-table All contents are Copyright © 1992–2007 Cisco Systems. reliability 255/255. Remove the speed 100 and duplex full commands.5c36. Display the MAC addresses using the show mac-address-table command in privileged EXEC mode. Inc.5c36. If there are no MAC addresses.1: Basic Switch Configuration The default on the Ethernet interface of the switch is auto-sensing. Manually configuring ports can lead to duplex mismatches. Now back up the running configuration file to NVRAM to ensure that the changes made will not be lost if the system is rebooted or loses power. You have completed the basic configuration of the switch.. This document is Cisco Public Information. Save the configuration. S1#show interface fastethernet 0/18 FastEthernet0/18 is up. Select the Desktop tab. Notice how the link between PC1 and S1 went down. Examine the startup configuration file.5.. txload 1/255. DLY 1000 usec. [OK] S1# Step 12. You should set duplex and speed manually only if a port must operate at a certain speed and duplex mode. Now verify the settings on the Fast Ethernet interface with the show interface fa0/18 command. Record the MAC addresses of the hosts. To see the configuration that is stored in NVRAM.4412 (bia 0060.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. loopback not set Keepalive set (10 sec) Full-duplex.

C285. To specify which ports a host can connect to.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Determine which MAC addresses that the switch has learned. Enter configuration mode and remove the static MAC by putting a no in front of the command string.0 and a default gateway of 172. Do not connect this PC to the switch yet. S1#show mac-address-table Step 8.16E8. 0002. Step 6. Set up a static MAC address on Fast Ethernet interface 0/18 using the address that was recorded for PC1 in Step 1 of this task.17. The table has not changed.C285 vlan 99 interface fastethernet 0/18 Step 7. Verify that PC1 and the switch are still correctly configured by pinging the VLAN 99 IP address of the switch from the host. Configure a second host.16E8. S1(config)#mac-address-table static 0002. Examine the MAC table again. Display the learned MAC addresses using the show mac-address-table command in privileged EXEC mode.99.255. Remove the static MAC entry. ping S1 from PC1 and check again. Verify the results. A second host is needed for this task. Verify that the MAC address table was cleared. Set up a static MAC address. To remove the existing MAC addresses.16E8.5. Inc. This document is Cisco Public Information. Step 3. S1#clear mac-address-table dynamic Step 4. use the clear mac-address-table dynamic command from privileged EXEC mode.17. Step 2. Verify that the static MAC address has been cleared with the show mac-address-table static command. Page 8 of 10 . Set the IP address of PC2 to 172. All contents are Copyright © 1992–2007 Cisco Systems.11. If the pings were not successful. Task 5: Configuring Port Security Step 1. All rights reserved.C285 vlan 99 interface fastethernet 0/18 Step 9. Verify the results. Look at the MAC address table again in privileged EXEC mode. Verify connectivity. Clear the MAC address table.99.22.1: Basic Switch Configuration Step 3.255. troubleshoot the host and switch configurations. S1#show mac-address-table Step 5. with a subnet mask of 255. one option is to create a static mapping of the host MAC address to a port. S1(config)#no mac-address-table static 0002. Verify the MAC address table entries. Verify the results.

Configure switch port Fast Ethernet 0/18 to accept only two devices. Verify the results. S1(config-if)#switchport S1(config-if)#switchport S1(config-if)#switchport S1(config-if)#switchport S1(config-if)#switchport S1(config-if)#exit Step 6.99. Connect PC2. Have the port security settings changed to reflect the modifications in Step 8? Ping the VLAN 99 address of the switch from PC1 to verify connectivity and to refresh the MAC address table. Switch between Simulation and Realtime mode to accelerate convergence. Disconnect the PC attached to Fast Ethernet 0/18 from the switch. What happened when you tried to ping S1? Note: Convergence may take up to a minute.5. Step 10. Explore the options for setting port security on interface Fast Ethernet 0/18.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. mode access port-security port-security maximum 2 port-security mac-address sticky port-security violation shutdown All contents are Copyright © 1992–2007 Cisco Systems. List the port security options. Introduce a rogue host. Show the port security settings with the show port-security interface fa0/18 command. All rights reserved. Configure port security on an access port. to learn the MAC addresses of those devices dynamically.17.11 from the new host. How many secure addresses are allowed on Fast Ethernet 0/18? What is the security action for this port? Step 7. which has been given the IP address 172. and to shutdown the port if a violation occurs.1: Basic Switch Configuration Step 4. Ping the VLAN 99 address 172. Page 9 of 10 .22 to port Fast Ethernet 0/18. On interface Fast Ethernet 0/18. Verify the results. Inc. change the port security maximum MAC address count to 1. Examine the running configuration file. This document is Cisco Public Information. S1(config-if)#switchport port-security maximum 1 Step 9. S1# configure terminal S1(config)#interface fastethernet 0/18 S1(config-if)#switchport port-security ? mac-address Secure mac address maximum Max secure addresses violation Security violation mode <cr> Step 5.99. Show the port security settings with the show port-security interface fa0/18 command. S1#show running-config Are there statements listed that directly reflect the security implementation of the running configuration? Step 8.17. Modify the port security settings on a port.

All rights reserved.5. PC1 should be able to again ping S1. Reactivate the port.1: Basic Switch Configuration Step 11. Inc. After convergence. Page 10 of 10 . no traffic can pass between the host and switch.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. All contents are Copyright © 1992–2007 Cisco Systems. Reconnect PC1 to Fast Ethernet 0/18. Verify connectivity. This document is Cisco Public Information. As long as the rogue host is attached to Fast Ethernet 0/18. and enter the following commands on the switch to reactivate the port: S1#configure terminal S1(config)#interface fastethernet 0/18 S1(config-if)#no shutdown S1(config-if)#exit Step 12.

PT Activity 2.6.1: Packet Tracer Skills Integration Challenge (Instructor Version)
Topology Diagram

Addressing Table
Device R1 S1 PC1 PC2 Server Interface Fa0/0 Fa0/1 NIC NIC NIC IP Address 172.17.99.1 172.17.99.11 172.17.99.21 172.17.99.22 172.17.99.31 Subnet Mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0

Objectives
• • • • • • • • • Establish console connection to switch Configure hostname and VLAN99 Configure the clock Modify the history buffer Configure passwords and console/Telnet access Configure login banners Configure the router Configure the boot sequence Solve duplex and speed mismatch
Page 1 of 7

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration

PT Activity 2.6.1: PT Skills Integration Challenge

• • • •

Manage the MAC address table Configure port security Secure unused ports Manage the switch configuration file

Introduction
In this Packet Tracer Skills Integration Challenge activity, you will configure basic switch management, including general maintenance commands, passwords, and port security. This activity provides you an opportunity to review previously acquired skills.

Task 1: Establish a Console Connection to a Switch
Step 1: Connect a console cable to S1. For this activity, direct access to S1 Config and CLI tabs is disabled. You must establish a console session through PC1. Connect a console cable from PC1 to S1. Step 2: Establish a terminal session. From PC1, open a terminal window and use the default terminal configuration. You should now have access to the CLI for S1. Step 3: Check results. Your completion percentage should be 6%. If not, click Check Results to see which required components are not yet completed.

Task 2: Configure the Hostname and VLAN 99
Step 1: Configure the switch hostname as S1. Step 2: Configure port Fa0/1 and interface VLAN 99. Assign VLAN 99 to FastEthernet 0/1 and set the mode to access mode. These commands are discussed further in the next chapter. S1(config)#interface fastethernet 0/1 S1(config-if)#switchport access vlan 99 S1(config-if)#switchport mode access Configure IP connectivity on S1 using VLAN 99. S1(config)#interface vlan 99 S1(config-if)#ip address 172.17.99.11 255.255.255.0 S1(config-if)#no shutdown Step 3: Configure the default gateway for S1. Configure the default gateway and then test connectivity. S1 should be able to ping R1. Step 4: Check results. Your completion percentage should be 26%. If not, click Check Results to see which required components are not yet completed. Also, make sure that interface VLAN 99 is active.

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 2 of 7

CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration

PT Activity 2.6.1: PT Skills Integration Challenge

Task 3: Configure the Clock Using Help
Step 1: Configure the clock to the current time. At the privileged EXEC prompt, enter clock ?. Use Help to discover each additional step required to set the current time. Packet Tracer does not grade this command, so the completion percentage does not change. Step 2: Verify that the clock is set to the current time. Use the show clock command to verify that the clock is now set to the current time. Packet Tracer may not correctly simulate the time you entered.

Task 4: Modify the History Buffer
Step 1: Set the history buffer to 50 for the console line. Step 2: Set the history buffer to 50 for the vty lines. Step 3: Check results. Your completion percentage should be 32%. If not, click Check Results to see which required components are not yet completed.

Task 5: Configure Passwords and Console/Telnet Access
Step 1: Configure the privileged EXEC password. Use the encrypted form of the privileged EXEC mode password and set the password to class. Step 2: Configure the passwords for console and Telnet. Set the console and vty password to cisco and require users to log in. Step 3: Encrypt passwords. View the current configuration on S1. Notice that the line passwords are shown in clear text. Enter the command to encrypt these passwords. Step 4: Check results. Your completion percentage should be 41%. If not, click Check Results to see which required components are not yet completed.

Task 6: Configure the Login Banner
If you do not enter the banner text exactly as specified, Packet Tracer does not grade your command correctly. These commands are case-sensitive. Also make sure that you do not include any spaces before or after the text. Step 1: Configure the message-of-the-day banner on S1. Configure the message-of-the-day as Authorized Access Only. Step 2: Check results. Your completion percentage should be 44%. If not, click Check Results to see which required components are not yet completed.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 3 of 7

enter the command show flash. Your completion percentage should be 68%. Step 2: Verify connectivity. Note: Packet Tracer does not show this command in the running configuration.bin c2960-lanbase-mz. Make sure your command includes the file system. You should see the following files listed: S1#show flash Directory of flash:/ 1 3 2 -rw-rw-rw4414921 4670455 616 <no date> <no date> <no date> c2960-lanbase-mz. Packet Tracer does not load the image you specified. Your completion percentage should be 65%. Access the CLI for R1 by clicking the device. if you reload the switch. If not. Task 8: Configure the Boot Sequence Step 1: View current files stored in flash. and each other. All rights reserved. which is flash. Inc.1: PT Skills Integration Challenge Task 7: Configure the Router Step 1: Configure the router with the same basic commands you used on S1. Routers and switches share many of the same commands. R1.122-25. In addition. All contents are Copyright © 1992–2007 Cisco Systems.SEE1.dat 32514048 bytes total (23428056 bytes free) Step 2: Configure S1 to boot using the second image listed. This document is Cisco Public Information.bin vlan. Enter commands on S1 to solve this problem. click Check Results to see which required components are not yet completed. PC1 and Server currently do not have access through S1 because of a mismatch between duplex and speed. Do the following on R1: • • • • • • Configure the hostname Set the history buffer to 50 for both console and vty Configure the encrypted form of the privileged EXEC mode password and set the password to class Set the console and vty password to cisco and require users to log in Encrypt the console and vty passwords Configure the message-of-the-day as Authorized Access Only Step 2: Check results.FX. Page 4 of 7 . Step 3: Check results. On S1. Both PC1 and Server should now be able to ping S1. If not.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. click Check Results to see which required components are not yet completed.122-25. Task 9: Solve a Mismatch Between Duplex and Speed Step 1: Change the duplex and speed on S1.6.

Use the following policy to establish port security on the port used by PC1: • • • Enable port security Allow only one MAC address Configure the first learned MAC address to "stick" to the configuration • Set the port to shut down if there is a security violation Note: Only the enable port security step is graded by Packet Tracer and counted toward the completion percentage. Your completion percentage should be 76%. Step 3: Check results.9a32. Your completion percentage should be 74%. Step 2: Verify port security. However. Notice that S1 has not yet learned a MAC address for this interface. This document is Cisco Public Information.1659 Type -------DYNAMIC DYNAMIC DYNAMIC Ports ----Fa0/24 Fa0/1 Fa0/18 The list of MAC address in your output may be different depending on how long it has been since you sent any packets across the switch.8e01 0060. Verify that port security is enabled for Fa0/18. Your output should look like the following output. If not. click Check Results to see which required components are not yet completed.637b.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. all the port security tasks listed above are required to complete this activity successfully. If not. Page 5 of 7 .b267 0004. What command would you use to display the MAC address table? S1#________________________________________ show mac-address-table Mac Address Table ------------------------------------------Vlan ---99 99 99 Mac Address ----------0001.1: PT Skills Integration Challenge Step 3: Check results. What command generated the following output? S1#________________________________ show port-security int fa0/18 Port Security : Enabled All contents are Copyright © 1992–2007 Cisco Systems.6. Step 2: Configure a static MAC address.3ee6. Enter the command to statically configure the MAC address of Server. Network policy may dictate that all server addresses be statically configured. All rights reserved. Task 10: Manage the MAC Address Table Step 1: View the current MAC address table. click Check Results to see which required components are not yet completed. Inc. Task 11: Configure Port Security Step 1: Configure port security for PC1.

Interface Fa0/18 must be manually configured before returning to the active state. Then verify that S1 has added the MAC address for PC1 to the running configuration.6. Your completion percentage should be 82%. send a ping from PC2 to S1 to cause the port to shut down. To re-enable the port. line protocol is down (err-disabled) <output omitted> Step 5: Reconnect PC1 and re-enable the port. Wait for the link lights to turn green.5193:99 1 Viewing the Fa0/18 interface shows that line protocol is down (err-disabled). All contents are Copyright © 1992–2007 Cisco Systems. Step 6: Check results.3EE6. ! interface FastEthernet0/18 <output omitted> switchport port-security mac-address sticky 0060. click Check Results to see which required components are not yet completed. Inc. S1#show interface fa0/18 FastEthernet0/18 is down.1: PT Skills Integration Challenge Port Status Violation Mode Aging Time Aging Type SecureStatic Address Aging Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Sticky MAC Addresses Last Source Address:Vlan Security Violation Count : : : : : : : : : : : Secure-up Shutdown 0 mins Absolute Disabled 1 0 0 0 0000. disconnect PC2 from Fa0/18 and reconnect PC1.BAD6. Send a ping from PC1 to S1.0000. This document is Cisco Public Information. All rights reserved. Remove the FastEthernet connection between S1 and PC1. If necessary. Connect PC2 to Fa0/18.0000:0 0 Step 3: Force S1 to learn the MAC address for PC1. which also indicates a security violation. Port security should show the following results: Port Security Port Status Violation Mode Aging Time Aging Type SecureStatic Address Aging Maximum MAC Addresses Total MAC Addresses Configured MAC Addresses Sticky MAC Addresses Last Source Address:Vlan Security Violation Count : : : : : : : : : : : : Enabled Secure-shutdown Shutdown 0 mins Absolute Disabled 1 1 1 0 00D0.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. Page 6 of 7 . If not.1659 <output omitted> ! Step 4: Test port security.

Step 3: Check results.6. and Gig 1/2. This document is Cisco Public Information. Note to Instructors: Verify that the student uploaded the config files to Server. Packet Tracer grades the status of the following ports: Fa0/2. R1-confg and S1-confg should be in the file list. All rights reserved. If not. Your completion percentage should be 100%. Disable all ports that are currently not used on S1. Fa0/3. then click TFTP under Services. Inc. Once complete. verify the server has the R1-confg and S1-confg files. Step 2: Back up the startup configuration files for S1 and R1 to Server. Gig 1/1. then click Config tab. Page 7 of 7 . Task 13: Manage the Switch Configuration File Step 1: Save the current configuration to NVRAM for R1. Fa0/4. Step 2: Check results. All contents are Copyright © 1992–2007 Cisco Systems. Click Server. If not. Back up the startup configuration file on S1 and R1 by uploading them to Server. Your completion percentage should be 97%.1: PT Skills Integration Challenge Task 12: Secure Unused Ports Step 1: Disable all unused ports on S1.CCNA Exploration LAN Switching and Wireless: Basic Switch Concepts and Configuration PT Activity 2. click Check Results to see which required components are not yet completed. click Check Results to see which required components are not yet completed.

4: Investigating a VLAN Implementation (Instructor Version) Topology Diagram Learning Objectives • • Observe broadcast traffic in a VLAN implementation Observe broadcast traffic without VLANs Introduction This activity opens with completion at 100%. The purpose of the activity is to observe how broadcast traffic is forwarded by the switches when VLANs are configured and when VLANs are not configured. Wait for all the link lights to turn to green. In normal operation. PC6 belongs to VLAN 30. And because PC4 is not the destination. it forwards the frame out all other ports. All rights reserved. Click the Capture/Forward button to step through the process. Observe the ARP requests as they traverse the network. Also notice that S3 only sends the ARP request out Fa0/11 to PC4. Click PC1 and then PC6. Page 1 of 2 .PT Activity 3. Use the Add Simple PDU tool. when a switch receives a broadcast frame on one of its ports.1. Because broadcast traffic is contained within the VLAN. PC1 and PC4 both belong to VLAN 10. Task 1: Observe Broadcast Traffic in a VLAN Implementation Step 1: Ping from PC1 to PC6. The ping from PC1 fails. Inc. PC6 never receives the ARP request from PC1. switch back and forth between Simulation and Reatime mode. This document is Cisco Public Information. because PC1 never receives an ARP reply. To accelerate this process. it discards the ARP request. Notice that S2 only sends the ARP request out Fa0/1 to S1. All contents are Copyright © 1992–2007 Cisco Systems.

it replies to the ARP request. enter user EXEC mode with the password cisco. Clear the configurations on all three switches and delete the VLAN database. Use the Add Simple PDU tool. Step 3. erase the configuration and delete the VLAN database on each switch. After the switches reload and the link lights return to green. Click PC1 and then PC4. To succeed. Click Capture/Forward to send ARP request and pings. The commands for S1 are shown here. PC1 is then able to send the ping with the destination MAC address for PC4. Task 2: Observe Broadcast Traffic without VLANs Step 1.dat]? Enter Delete flash:/vlan. Observe the ARP requests as they traverse the network. the network is ready to forward your ARP and ping traffic. S1#reload Proceed with reload? [confirm]Enter Wait for all the link lights to return to green. Broadcast traffic is contained within each VLAN. S1#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram S1#delete vlan. This default action of switches is why VLANs can improve network performance. Then enter privileged EXEC mode with the password class. Notice that the switches now forward the ARP requests out all ports. To observe broadcast traffic without VLANs. On all three switches.1. All contents are Copyright © 1992–2007 Cisco Systems. Page 2 of 2 . Because PC4 is the destination.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Notice that the ping from PC1 to PC6 still fails. Ping from PC1 to PC4.4: Investigating a VLAN Implementation Step 2. This document is Cisco Public Information. PC1 and PC4 both belong to VLAN 10. Why? What is required for this ping to succeed? __________________________________________________________________________________ __________________________________________________________________________________ __________________________________________________________________________________ PC6 is on a different network than PC1. Inc. so the path of the ARP request is the same as before. Reload the switches. To accelerate this process. switch back and forth between Simulation and Reatime mode.dat? [confirm] Enter Step 2. Click the Capture/Forward button to step through the process. All rights reserved. there needs to be a router or a Layer 3 switch between PC1 and PC6 to provide routing between the two different Layer 3 networks. except the port on which the ARP request was received.dat Delete filename [vlan.

Which interfaces are currently set to trunk? ________________________________ FastEthernet0/1 ________________________________ FastEthernet0/3 All contents are Copyright © 1992–2007 Cisco Systems. enter user EXEC mode with the password cisco. Page 1 of 2 . and VLAN tagging information. Then enter privileged EXEC mode with the password class. note which interfaces are set to trunk. This activity opens with completion at 100% and focuses on viewing switch configuration.PT Activity 3. You will see the command switchport mode trunk under those interfaces. Inc.3: Investigating VLAN Trunks (Instructor Version) Topology Diagram Learning Objectives • • • Activate interface VLAN 99 View the switch configuration Investigate the VLAN tag in the frame header Introduction Trunks carry the traffic of multiple VLANs through a single link. S1#show running-config Viewing the running configuration. Task 1: View the Switch Configuration On S1. issue the show running-config command. This document is Cisco Public Information. At the privileged EXEC prompt. making them a vital part of communicating between switches with VLANs. All rights reserved. trunk configuration.2.

CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Click View Previous Events when prompted. Inc. All rights reserved. Under the Info column. This document is Cisco Public Information. If link lights are still amber. Step 3.3: Investigating VLAN Trunks The switchport trunk native vlan 99 command is also listed under a number of interfaces. VLAN 99 is the native VLAN. Investigate the PDU details at one of the switches. TPID: 0x810. What are the purposes of these two fields? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The first field. All contents are Copyright © 1992–2007 Cisco Systems. The second field. PC4 sends back an ARP reply to PC1. Finally. Scroll to the top of the event list. Because PC1 and PC4 are on the same VLAN and Layer 3 network. Notice the two fields that follow the source MAC address. Then click the Inbound PDU Details tab. click the colored box for the event from S2 to S1. PC1 then sends a ping to PC4. Task 2: Investigate the VLAN Tag in the Frame Header Step 1. PC4 replies to the ping. Click PC1 and then PC4. it contains the VLAN ID. is the tag control information field. Use the Add Simple PDU tool.2. is used to identify the protocol type in the frame. Ping from PC1 to PC4. Among other things. Step 2. This command is used for setting the native VLAN for the trunk link. Click Capture/Forward to observe the ping. Ethernet frame types use the TPID 0x810. Page 2 of 2 . In this case. switch back and forth between Realtime and Simulation mode until link lights turn green. TCI: 0x10.

changing the native VLAN. This document is Cisco Public Information. issue the show running-config command to verify the current running configuration. enter user EXEC mode with the password cisco. Verify the current running configuration on the switches. issue the show vlan command. and configuring trunk links. or added. On S1. All contents are Copyright © 1992–2007 Cisco Systems. Then enter privileged EXEC mode with the password class. On all three switches.4: Configuring VLANs and Trunks (Instructor Version) Topology Diagram Learning Objectives • • • • View the default VLAN configuration Configure VLANs Assign VLANs to ports Configure trunking Introduction VLANs are helpful in the administration of logical groups. All rights reserved. Page 1 of 5 .PT Activity 3. By default. Step 2. Display the current VLANs. From privileged EXEC mode on all three switches.3. This activity focuses on creating and naming VLANs. changed. Task 1: View the Default VLAN Configuration Step 1. all interfaces are assigned to VLAN 1. The only VLANs present are the default ones. The basic configurations are already set. allowing members of a group to be easily moved. but there are no VLAN assignments. Inc. assigning access ports to specific VLANs.

create four VLANs using the vlan-ids and the names shown below: S1(config)#vlan 10 S1(config-vlan)#name S1(config-vlan)#vlan S1(config-vlan)#name S1(config-vlan)#vlan S1(config-vlan)#name S1(config-vlan)#vlan S1(config-vlan)#name Faculty/Staff 20 Students 30 Guest(Default) 99 Management&Native Step 2. After creating the VLANs. Fa0/11. Fa0/19. On S1. All rights reserved. Fa0/23. VLANs contain the broadcasts within each VLAN.-----------------------------. Fa0/14. all broadcast traffic is sent out all ports on the switch. Verify connectivity between PCs on the same network. Use the name vlan-name command to name a VLAN. Fa0/18. Fa0/10.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. The command vlan vlan-id creates a VLAN. Verify the VLAN configuration. Fa0/7. Fa0/16 Fa0/17. Fa0/22. S1#show vlan brief VLAN Name Status Ports ---. Fa0/4 Fa0/5. What benefit will configuring VLANs provide to the current configuration? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Currently. return to privileged EXEC and issue the show vlan brief command to verify the creation of the new VLANs. This greatly increases the traffic on all access and trunk links as well as increases CPU usage on the switches and PCs. except for the port on which the broadcast was received.3. Task 2: Configure VLANs Step 1. Inc. Page 2 of 5 . Notice that each PC can ping the other PC that shares the same network: • • PC1 can ping PC4 PC2 can ping PC5 • PC3 can ping PC6 Pings to PCs in other networks fail.4: Configuring VLANs and Trunks Step 3. Fa0/6. Fa0/24 Gig1/1. Fa0/8 Fa0/9. This document is Cisco Public Information.------------------------------1 default active Fa0/1. Create VLANs on S1. Fa0/15. Gig1/2 10 Faculty/Staff active 20 Students active 30 Guest(Default) active 99 Management&Native active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active All contents are Copyright © 1992–2007 Cisco Systems. Fa0/12 Fa0/13.--------. Fa0/3. Fa0/2. Fa0/20 Fa0/21.

PCs that shared the same network could ping each other successfully. Inc. S2(config)#interface fastEthernet 0/6 S2(config-if)#switchport mode access S2(config-if)#switchport access vlan 30 S2(config-if)#interface fastEthernet 0/11 S2(config-if)#switchport mode access S2(config-if)#switchport access vlan 10 S2(config-if)#interface fastEthernet 0/18 S2(config-if)#switchport mode access S2(config-if)#switchport access vlan 20 Step 2. If not. Previously. Although the access ports are assigned to the appropriate VLANs. The switchport access vlan vlan-id command assigns a VLAN to the port. do not forward VLAN 10 traffic (traffic from PC1 and PC4) out the interface to S1. Check results. Step 1. An access port can only be assigned one access VLAN. Task 3: Assign VLANs to Ports The range command greatly reduces the amount of repetitive commands you must enter when configuring the same commands on multiple ports. If not. However. Step 4. Your completion percentage should be 75%. Try pinging between PC1 and PC4. active On S2 and S3. S3 uses the same VLAN access port assignments that you configured on S2. Assign VLANs to the active ports on S2. Step 4. Assign VLANs to the active ports on S3. Assign VLANs to the active ports on S3. Verify loss of connectivity. Your completion percentage should be 38%. Step 5.3. Why? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The interfaces between S2 and S1 and between S3 and S1 are not yet configured as trunks. click Check Results to see which required components are not yet completed.4: Configuring VLANs and Trunks 1005 trnet-default S1# Step 3. Use the show vlan brief command to verify all VLANs are configured and named. The switchport mode access command configures the interface as an access port. Page 3 of 5 . Create the VLANs on S2 and S3.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Enter the following commands on S2. the ping fails. therefore. S2 and S3. All rights reserved. use the same commands you used on S1 to create and name the VLANs. Packet Tracer does not support the range command. So only the active interfaces are graded for the switchport mode access command. Step 3. All contents are Copyright © 1992–2007 Cisco Systems. Check results. Verify the VLAN configuration. This document is Cisco Public Information. Nor are these interfaces configured as access links for the VLAN assigned to PC1 and PC4. click Check Results to see which required components are not yet completed.

3. S1(config)#interface FastEthernet 0/1 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#interface FastEthernet 0/3 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 The trunk port takes about a minute to become active again. Dynamic Trunking Protocol (DTP) has automatically enabled the Fast Ethernet 0/1 port on S2 for trunking. Step 2. the native VLAN on S2 and S3 is set to the default VLAN 1. Configure S1 Fa0/1 and Fa0/3 for trunking and to use VLAN 99 as the native VLAN. the ports on S2 and S3 that connect to S1 become inactive. You can switch between Realtime and Simulation modes three or four times to quickly bring the port back up. %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/3 (99). This document is Cisco Public Information. Then. However. DTP messages sent from S1 to S2 automatically informed S1 to move the state of Fa0/1 to trunking. Page 4 of 5 . Once you configured the mode to trunking on S1.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. pings between PCs on the same VLAN are now successful.4: Configuring VLANs and Trunks Task 4: Configure Trunking Step 1. with S3 FastEthernet0/3 (1). DTP has automatically negotiated the other side of the trunk links. Once the ports become active. you periodically receive the following syslog messages: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet0/1 (99). In this case. with S2 FastEthernet0/1 (1). Step 3. Again. All rights reserved. S2 and S3 have now automatically configured the ports attached to S1 as trunking ports. Although there is currently a native VLAN mismatch. Verify connectivity between devices on the same VLAN. Why? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ Pings are successful because trunking has been enabled on S1. Verify trunking is enabled on S2 and configure VLAN 99 as the native VLAN. You configured the native VLAN on S1 to be VLAN 99. switch between Realtime and Simulation modes three or four times to quickly bring the ports back up. This can be verified with the following command on S1: S2#show interface fastEthernet 0/1 switchport Name: Fa0/1 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) <output omitted> S2# All contents are Copyright © 1992–2007 Cisco Systems. Inc.

This document is Cisco Public Information. S2(config-if)#switchport trunk native vlan 99 Step 4. resulting in a native VLAN mismatch. S3#show interfaces fastEthernet 0/3 switchport Name: Fa0/3 Switchport: Enabled Administrative Mode: dynamic auto Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) <output omitted> S3# Configure the administrative mode of the trunking interface to be in trunk mode.4: Configuring VLANs and Trunks Notice that the administrative mode is set to dynamic auto. Step 4. configure the trunking port with the switchport trunk native vlan 99 command. Inc. so the operation mode is trunk. As a best practice. DTP has negotiated trunking.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Check results. Your completion percentage should be 100%. All contents are Copyright © 1992–2007 Cisco Systems. This is the default state of all ports on a Cisco IOS switch. S2(config)#interface FastEthernet 0/1 S2(config-if)#switchport mode trunk To correct the native VLAN mismatch. and correct the native VLAN mismatch with the switchport trunk native vlan 99 command. Verify trunking is enabled on S3 and configure VLAN 99 as the native VLAN.3. If not. However. click Check Results to see which required components are not yet completed. This ensures that the interface is statically configured as a trunk port and never negotiates a different mode. Page 5 of 5 . configure the administrative mode of the trunking interface to be in trunk mode. DTP has also successfully negotiated a trunk between S1 and S3. All rights reserved.

20.255. Page 1 of 3 .255.17.22 172.0 Default Gateway 172.21 172.20.17.255.24 172.30.1 172.23 172.PT Activity 3.0 255. This document is Cisco Public Information.255. All rights reserved.17. Inc.25 172.17.30.1 172.255.17.17.1 172.255.1 Learning Objectives • • • Test connectivity Investigate connectivity problems by gathering data Implement the solution and test connectivity All contents are Copyright © 1992–2007 Cisco Systems.4.0 255.30.10.255.17.255.17.17.26 Subnet Mask 255.17.1 172.20.255.17.20.255.30.255.10.17.10.0 255.255.2: Troubleshooting a VLAN Implementation (Instructor Version) Topology Diagram Addressing Table Device PC1 PC2 PC3 PC4 PC5 PC6 IP Address 172.10.0 255.1 172.0 255.

these tests will fail at this point. However.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. The following tests should be successful at the conclusion of this activity. Interface fa0/1 on S1 is configured for access mode. PC1 to PC4 Problem: ___________________________________________________________________________ Interface fa0/11 on S2 is configured for VLAN 30. Verify the configuration on the PCs. All rights reserved. Verify the configuration on the switches. Solution: ___________________________________________________________________________ Assign interface fa0/11 on S2 to VLAN 10 and configure fa0/1 on S1 to trunk mode. Inc. This document is Cisco Public Information. Page 2 of 3 .2: Troubleshooting a VLAN Implementation Introduction In this activity. Any solution you implement must conform to the topology diagram. All solutions must conform to the topology diagram.4. What are the reasons why connectivity failed between the PCs? What are the solutions? There could be more than one problem and more than one solution. you will troubleshoot connectivity problems between PCs on the same VLAN. • • • PC1 cannot ping PC4 PC2 cannot ping PC5 PC3 cannot ping PC6 Task 2: Gather Data on the Problem Step 1. Solution: ___________________________________________________________________________ All contents are Copyright © 1992–2007 Cisco Systems. Are the configurations on the switches correct? Be sure to verify the following: • • • Ports assigned to the correct VLANs Ports configured for the correct mode Ports connected to the correct device Step 3: Document the problem and suggest solutions. PC2 to PC5 Problem: ___________________________________________________________________________ PC5 is actually connected to fa0/17. Task 1: Test Connectivity between PCs on the same VLAN Use the Add Simple PDU tool to ping between two PCs on the same VLAN. Are the following configurations for each PC correct? • • • IP address Subnet mask Default gateway Step 2. which is on VLAN 10. The activity is complete when you achieve 100% and the PCs can ping the other PCs on the same VLAN.

2: Troubleshooting a VLAN Implementation Delete the connection between PC5 and S3. Check completion percentage. return to Task 2 to continue troubleshooting. Then.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. All rights reserved. you should create new pings. Step 3. Task 3: Implement the Solution and Test Connectivity Step 1: Make changes according to the suggested solutions in Task 2. make a new connection from PC5 to the fa0/18 interface on S3. • • • PC1 should be able to ping PC4 PC2 should be able to ping PC5 PC3 should be able to ping PC6 Can PC1 ping PC4? ___________ Should be yes after solution implementation Can PC2 ping PC5? ___________ Should be yes after solution implementation Can PC3 ping PC6? ___________ Should be yes after solution implementation If any pings fail. You will not be able to click Check Results and see which required components are not yet completed All contents are Copyright © 1992–2007 Cisco Systems. If you change any IP configurations. If not. Solution: ___________________________________________________________________________ Change the IP address to the correct one according to the topology diagram. Inc. return to Step 1 and continue to implement your suggested solutions. Your completion percentage should be 100%. according to the topology diagram. This document is Cisco Public Information. PC3 to PC6 Problem: ___________________________________________________________________________ The IP address of PC6 is incorrect. Step 2: Test connectivity between PCs on the same VLAN.4. because the prior pings use the old IP address. Page 3 of 3 .

1: Basic VLAN Configuration (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC NIC NIC NIC IP Address 172.17.30.22 172.255.17. Page 1 of 6 .255.17.99.10.255.99.0 255.21 172.255.17.17.0 255.10.17.PT Activity 3.17.17.255.13 172.0 255.255.255.255.255.1 172.1 172.10.255.17.0 255.0 Default Gateway N/A N/A N/A 172.255.99.255.0 255.0 255. All rights reserved.255.5. This document is Cisco Public Information.17.255.10.20.11 172.17.20.12 172.24 172.0 255.17.23 172.255. Inc.20.26 Subnet Mask 255.17.0 255.1 172.255.30.255.17.30.20.17.1 172.1 172.1 All contents are Copyright © 1992–2007 Cisco Systems.25 172.30.255.

17.1: Basic VLAN Configuration Port Assignments (Switches 2 and 3) Ports Fa0/1 – 0/5 Fa0/6 – 0/10 Fa0/11 – 0/17 Fa0/18 – 0/24 Assignment VLAN 99 – Management&Native VLAN 30 – Guest(Default) VLAN 10 – Faculty/Staff VLAN 20 – Students Network 172.99.0/24 172. Page 2 of 6 . There are four VLANs to configure for this activity.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. You will change the PC1 IP address later. you will be in vlan configuration mode.20.10. Inc.17. All rights reserved. Configure an EXEC mode password of class. S1(config)#vlan 99 S1(config-vlan)#name Management&Native S1(config-vlan)#exit S1(config)#vlan 10 S1(config-vlan)#name Faculty/Staff All contents are Copyright © 1992–2007 Cisco Systems. This document is Cisco Public Information. Task 2: Configure and Activate Ethernet Interfaces Configure the Ethernet interfaces of the six PCs with the IP addresses and default gateways from the addressing table. and change ports Verify VLAN configuration Enable trunking on inter-switch connections Verify trunk configuration Save the VLAN configuration Task 1: Perform Basic Switch Configurations Perform Basic Switch Configurations.0/24 172. Note: The IP address for PC1 will be marked as wrong for now. Create VLANs on switch S1. • • • • • Configure the switch hostnames.0/24 172. Task 3: Configure VLANs on the Switch Step 1. move. Disable DNS lookup.17. Configure a password of cisco for vty connections.30. Configure a password of cisco for console connections.5. where you can assign a name to the VLAN with the vlan name command. Use the vlan vlan-id command in global configuration mode to add VLANs to switch S1. Packet Tracer will only grade switch hostnames. After you create the VLAN.17.0/24 Learning Objectives • • • • • • • • Perform basic configuration tasks on a switch Create VLANs Assign switch ports to a VLAN Add.

All contents are Copyright © 1992–2007 Cisco Systems. Fa0/2. Configure and name VLANs on switches S2 and S3.-----------------------------.--------. 30. Fa0/16. and 99 on S2 and S3 using the commands from Step 1. This document is Cisco Public Information. Fa0/24. Fa0/8. Fa0/4. Packet Tracer will only grade the first interface in each range (the interface the PC is connected to). All rights reserved. Fa0/15. using the switchport access vlan vlan-id command. Verify that the VLANs have been created on S1. Ports are assigned to VLANs in interface configuration mode. [OK] Note: The Fa0/11 access VLAN will be marked as wrong for now. Fa0/11.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Page 3 of 6 . Inc. Refer to the port assignment table. What ports are currently assigned to the four VLANs you have created? _______________________________________ none Step 4.5... 20. Repeat the same commands on S3. Fa0/23. S1#show vlan brief VLAN Name Status Ports ---. Fa0/21 Fa0/22. Fa0/19. but Packet Tracer does not support this command. Use the show vlan brief command to verify that the VLANs have been created. Gi0/1 Gi0/2 10 Faculty/Staff active 20 Students active 30 Guest(Default) active 99 Management&Native active Step 3. S2(config)#interface fastEthernet0/6 S2(config-if)#switchport access vlan 30 S2(config-if)#interface fastEthernet0/11 S2(config-if)#switchport access vlan 10 S2(config-if)#interface fastEthernet0/18 S2(config-if)#switchport access vlan 20 S2(config-if)#end S2#copy running-config startup-config Destination filename [startup-config]? [enter] Building configuration.1: Basic VLAN Configuration S1(config-vlan)#exit S1(config)#vlan 20 S1(config-vlan)#name Students S1(config-vlan)#exit S1(config)#vlan 30 S1(config-vlan)#name Guest(Default) S1(config-vlan)#exit Step 2. Verify the correct configuration with the show vlan brief command. Fa0/9 Fa0/10. Fa0/7. Assign switch ports to VLANs on S2 and S3. You will correct this later in the activity. Fa0/5 Fa0/6.------------------------------1 default active Fa0/1. Fa0/17 Fa0/18. Create and name VLANs 10. Normally you would use the interface range command. Fa0/13 Fa0/14. Fa0/20. Fa0/12.

By default. the native VLAN is VLAN 99. a native VLAN serves as a common identifier on opposing ends of a trunk link. You assign the management VLAN an IP address and subnet mask.255. Determine which ports have been added. You do not want an arbitrary user who is connecting to a switch to default to the management VLAN. From interface configuration mode.17. Page 4 of 6 .0 S1(config-if)#no shutdown S2(config)#interface vlan 99 S2(config-if)#ip address 172. Untagged traffic is generated by a computer attached to a switch port that is configured with the native VLAN. as opposed to an access port.1Q VLAN encapsulation. Step 7. You can also view VLAN assignment information using the show interfaces switchport command. Inc.1Q trunking.17. Because VLAN 99 is configured as the management VLAN. Recall that you configured the management VLAN as VLAN 99 earlier in this lab. SSH. Use the show vlan id vlan-number command on S2 to see which ports are assigned to VLAN 10.1Q trunk port. the trunks must specify which method is being used.1Q trunk port supports traffic coming from many VLANs (tagged traffic) as well as traffic that does not come from a VLAN (untagged traffic). VLAN 1 is a bad choice as the management VLAN.0 S3(config-if)#no shutdown Assigning a management address allows IP communication between the switches.0 S2(config-if)#no shutdown S3(config)#interface vlan 99 S3(config-if)#ip address 172.13 255. it is not specified in this activity. Because the 2960 switch only supports 802. Because the out-of-the-box configuration of a Cisco switch has VLAN 1 as the default VLAN. which can only belong to a single VLAN.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. any ports assigned to this VLAN are considered management ports and should be secured to control which devices can connect to these ports.17.5. The 802.99. A management VLAN is any VLAN that you configure to access the management capabilities of a switch. Assign the management VLAN.1Q specifications for Native VLANs is to maintain backward compatibility with untagged traffic common to legacy LAN scenarios. VLAN 1 serves as the management VLAN if you did not specifically define another VLAN.255.99. or SNMP.255.1: Basic VLAN Configuration Step 5. A switch can be managed via HTTP. It is a best practice to use a VLAN other than VLAN 1 as the native VLAN.255.255. An 802. One of the IEEE 802. Step 6. a trunk port belongs to all VLANs. use the ip address command to assign the management IP address to the switches.99. All rights reserved. This document is Cisco Public Information. Telnet. and also allows any host connected to a port assigned to VLAN 99 to connect to the switches. S1(config)#interface fa0/1 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#interface fa0/2 All contents are Copyright © 1992–2007 Cisco Systems. S1(config)#interface vlan 99 S1(config-if)#ip address 172. Which ports are assigned to VLAN 10? _____________________________________________ Fa0/11 Note: The show vlan name vlan-name displays the same output.12 255. For the purposes of this activity. If the switch supports both ISL and 802.11 255. In the topology. Configure trunking and the native VLAN for the trunking ports on all switches. Trunks are connections between the switches that allow the switches to exchange information for all VLANS.255. A native VLAN is assigned to an 802.1Q trunk port places untagged traffic on the native VLAN.

.10.99. round-trip min/avg/max = 1/2/9 ms S1#ping 172.30.99.1002.1002.99.17. the ping is successful.13 Type escape sequence to abort. This document is Cisco Public Information.1005 1.1002. they cannot communicate without a Layer 3 device to route between the separate subnetworks.1004.99..30.1q Status trunking trunking Native vlan 99 99 Vlans allowed on trunk 1-1005 1-1005 Vlans allowed and active in management domain 1.17. Sending 5.99.30. Verify that the switches can communicate.17. Inc.1004.17. Ping several hosts from PC2. round-trip min/avg/max = 1/1/1 ms Step 9.20. Is the ping attempt successful? _________ yes Because PC2 is in the same VLAN and the same subnet as PC5.20.17. ping the management address on both S2 and S3. 100-byte ICMP Echos to 172.12.21).CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. All rights reserved.!!! Success rate is 80 percent (4/5).1005 1.1003.1003.99.13. timeout is 2 seconds: .12.99.1002.30.1005 Vlans in spanning tree forwarding state and not pruned 1. timeout is 2 seconds: .99. 100-byte ICMP Echos to 172.10. All contents are Copyright © 1992–2007 Cisco Systems. Sending 5.1q 802.1003.20. Is the ping attempt successful? _________ no Ping from host PC2 to the switch VLAN 99 IP address 172.!!! Success rate is 100 percent (5/5). Page 5 of 6 . From S1.1003. Ping from host PC2 to host PC5. S1#ping 172.1004.1004. Is the ping attempt successful? _________ no Because these hosts are on different subnets and in different VLANS.17.5.1005 Step 8.1: Basic VLAN Configuration S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#end S2(config)#interface fa0/1 S2(config-if)#switchport mode trunk S2(config-if)#switchport trunk native vlan 99 S2(config-if)#end S3(config)#interface fa0/2 S3(config-if)#switchport mode trunk S3(config-if)#switchport trunk native vlan 99 S3(config-if)#end Verify that the trunks have been configured with the show interface trunk command.20.10. Ping from host PC2 to host PC1 (172.12 Type escape sequence to abort.99. S1#show interface trunk Port Mode Fa0/1 on Fa0/2 on Port Fa0/1 Fa0/2 Port Fa0/1 Fa0/2 Port Fa0/1 Fa0/2 Encapsulation 802.10.10.

5. After you reassign a port to a new VLAN. S2#configure terminal Enter configuration commands. Page 6 of 6 . The port connected to PC2 (S2 Fa0/18) is assigned to VLAN 20. Move PC1 into the same VLAN as PC2.20. Change the IP address on PC1 to 172. Once again.21. ping from host PC2 to host PC1. Ping from host PC2 to host PC1.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Reassign the S2 Fa0/11 port to VLAN 20. All contents are Copyright © 1992–2007 Cisco Systems. Inc. one per line. using the newly assigned IP address. You do not need to first remove a port from a VLAN to change its VLAN membership. This document is Cisco Public Information. Is the ping attempt successful? _________ no Step 11. All rights reserved. S2(config)#interface fastethernet 0/11 S2(config-if)#switchport access vlan 20 S2(config-if)#end End with CNTL/Z.17. Is the ping attempt successful? _________yes Why was this attempt successful? ____________________________________________________________________________________ ____________________________________________________________________________________ Hosts must be in the same VLAN and in the same subnet to communicate directly through the switches. The subnet mask and default gateway can remain the same. and the port connected to PC1 (S2 Fa0/11) is assigned to VLAN 10.1: Basic VLAN Configuration Step 10. that port is automatically removed from its previous VLAN. Change the IP address and network on PC1.

21 192.255.255.168.255. Page 1 of 6 .22 192.168.30.10.168.56. This document is Cisco Public Information.20.1 192.255.168.56.255.255.0 255.30.10.255.0 255.255.255.168.255.255.168.10.0 Default Gateway N/A N/A N/A 192.168.255.20.56.30.1 192.0 255.0 255.1 All contents are Copyright © 1992–2007 Cisco Systems.0 255.PT Activity 3.1 192. Inc.20.168.20.26 Subnet Mask 255.168.255. All rights reserved.0 255.2: Challenge VLAN Configuration (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 56 VLAN 56 VLAN 56 NIC NIC NIC NIC NIC NIC IP Address 192.1 192.255.23 192.168.1 192.168.10.255.168.24 192.13 192.255.255.0 255.255.11 192.0 255.168.168.25 192.5.20.168.12 192.

CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3.0/24 Learning Objectives • • • • • • • • Perform basic configuration tasks on a switch Create VLANs Assign switch ports to a VLAN Add.168.0/24 192.56. enable configure terminal no ip domain-lookup enable secret class ! ! line con 0 password cisco login ! line vty 0 4 password cisco login end copy running-config startup-config All contents are Copyright © 1992–2007 Cisco Systems.168. Disable DNS lookup.30.168.5. Configure a password of cisco for console connections.168.2: Challenge VLAN Configuration Port Assignments (Switches 2 and 3) Ports Fa0/1 – 0/5 Fa0/6 – 0/10 Fa0/11 – 0/17 Fa0/18 – 0/24 Assignment VLAN 99 – Management&Native VLAN 30 – Guest(Default) VLAN 10 – Faculty/Staff VLAN 20 – Students Network 192.0/24 192.10.20. Page 2 of 6 . All rights reserved. • Configure a password of cisco for vty connections. Inc. Configure an EXEC mode password of class. This document is Cisco Public Information.0/24 192. Packet Tracer will only grade hostnames. move. and change ports Verify VLAN configuration Enable trunking on inter-switch connections Verify trunk configuration Save the VLAN configuration Task 1: Perform Basic Switch Configurations Configure the switches according to the following guidelines. • • • • Configure the switch hostname.

S1(config)#vlan 56 S1(config-vlan)#name S1(config-vlan)#exit S1(config)#vlan 10 S1(config-vlan)#name S1(config-vlan)#exit S1(config)#vlan 20 S1(config-vlan)#name S1(config-vlan)#exit S1(config)#vlan 30 S1(config-vlan)#name S1(config-vlan)#exit Management&Native Faculty/Staff Students Guest(Default) Step 2. Create VLANs on switch S1. You will change the PC1 address later in the activity. Inc.2: Challenge VLAN Configuration Task 2: Configure and Activate Ethernet Interfaces Step 1. Fa0/2. Fa0/10. Fa0/12 Fa0/13. Verify that the VLANs have been created on S1. All rights reserved. Fa0/16 All contents are Copyright © 1992–2007 Cisco Systems. Configure the Ethernet interfaces of the six PCs with the IP addresses and default gateways from the addressing table at the beginning of the activity. The VLAN IDs and names are listed in the Port Assignments table at the beginning of this activity. The IP address for PC1 will be graded as incorrect for now. This document is Cisco Public Information. Fa0/15. Fa0/7. S2(config)#interface fa0/6 S2(config-if)#switchport mode access S2(config-if)#interface fa0/11 S2(config-if)#switchport mode access S2(config-if)#interface fa0/18 S2(config-if)#switchport mode access S3(config)#interface fa0/6 S3(config-if)#switchport mode access S3(config-if)#interface fa0/11 S3(config-if)#switchport mode access S3(config-if)#interface fa0/18 S3(config-if)#switchport mode access Task 3: Configure VLANs on the Switch Step 1. Fa0/11. Fa0/14.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Step 2. Enable the user ports for access on S2 and S3.--------.-----------------------------.------------------------------1 default active Fa0/1. Page 3 of 6 . S1#show vlan brief VLAN Name Status Ports ---. Use the show vlan brief command to verify that the VLANs have been created. Fa0/3. Fa0/4 Fa0/5. Configure the PCs. Fa0/8 Fa0/9.5. Fa0/6.

Configure. Fa0/19.255. Fa0/11 Step 6.168.56. Fa0/24 Gig1/1. All rights reserved.56. and 56 on S2 and S3 using the commands from Step 1. [OK] Step 5. Fa0/23...13 255. S1(config)#interface fa0/1 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 56 S1(config-if)#no shutdown S1(config-if)#interface fa0/2 All contents are Copyright © 1992–2007 Cisco Systems.255. Note: The S2 Fa0/11 port will be graded incorrect for now and Packet Tracer will only grade the first port assignment for each VLAN. Use the show vlan id vlan-number command on S2 to see which ports are assigned to VLAN 10. Configure management VLAN 56 on each of the switches.0 S2(config-if)#no shutdown S3(config)#interface vlan 56 S3(config-if)#ip address 192. 30.255. Fa0/20 Fa0/21.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Fa0/18. and verify VLANs on switches S2 and S3. name. Step 4.12 255. Create and name VLANs 10.2: Challenge VLAN Configuration Fa0/17.56. S3(config)#interface fa0/6 S3(config-if)#switchport access vlan 30 S3(config-if)#interface fa0/11 S3(config-if)#switchport access vlan 10 S3(config-if)#interface fa0/18 S3(config-if)#switchport access vlan 20 S3(config-if)#end S3#copy running-config startup-config Destination filename [startup-config]? [enter] Building configuration. Assign switch ports to VLANs on S2 and S3.255.5.255. Inc.255.168. Gig1/2 10 20 30 56 Faculty/Staff Students Guest(Default) Management&Native active active active active Step 3. This document is Cisco Public Information. 20.0 S1(config-if)#no shutdown S2(config)#interface vlan 56 S2(config-if)#ip address 192. Verify that the trunks have been configured. Verify the correct configuration with the show vlan brief command.0 S3(config-if)#no shutdown Step 7.11 255. Fa0/22. Configure trunking and the native VLAN for the trunking ports on all three switches. Determine which ports have been added to VLAN 10 on S2.168. Page 4 of 6 . S1(config)#interface vlan 56 S1(config-if)#ip address 192.

Is the ping successful? No.10. and S3 can communicate. Sending 5. they cannot communicate without a Layer 3 device to route between the separate subnets.13. Sending 5.168.56 1. ping the management address on both S2 and S3. This document is Cisco Public Information. timeout is 2 seconds: .21). Verify that S1. Ping several hosts from PC2.168.20. What is the result? Ping from host PC2 to the PC1 (192. Inc.56 1.168.30.10.10.30. timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5).168.30.56. S2.168.20. Page 5 of 6 . round-trip min/avg/max = 1/1/1 ms Step 9.10.20.2: Challenge VLAN Configuration S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 56 S2(config)#interface fa0/1 S2(config-if)#switchport mode trunk S2(config-if)#switchport trunk native vlan 56 S2(config-if)#no shutdown S2(config-if)#end S3(config)#interface fa0/2 S3(config-if)#switchport mode trunk S3(config-if)#switchport trunk native vlan 56 S3(config-if)#no shutdown S3(config-if)#end Verify that the trunks have been configured with the show interface trunk command.20.56. S1#ping 192.1q 802.56 Step 8. Because these hosts are on different subnets and in different VLANS.56.168.5. round-trip min/avg/max = 1/2/9 ms S1#ping 192.12 Type escape sequence to abort.56 Vlans in spanning tree forwarding state and not pruned 1. 100-byte ICMP Echos to 192.!!!! Success rate is 80 percent (4/5).13 Type escape sequence to abort. All contents are Copyright © 1992–2007 Cisco Systems.1q Status trunking trunking Native vlan 56 56 Vlans allowed on trunk 1-4094 1-4094 Vlans allowed and active in management domain 1.12. From S1. Is the ping successful? No.12.56. Is the ping attempt successful? Yes. Ping from host PC2 to switch VLAN 56 IP address 192.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. S1#show interface trunk Port Fa0/1 Fa0/2 Port Fa0/1 Fa0/2 Port Fa0/1 Fa0/2 Port Fa0/1 Fa0/2 Mode on on Encapsulation 802. Ping from host PC2 to host PC5.56. 100-byte ICMP Echos to 192. All rights reserved.10.30.

Page 6 of 6 . Change the IP address on PC1 to 192.168.2: Challenge VLAN Configuration Because PC2 is in the same VLAN and the same subnet as PC5. All contents are Copyright © 1992–2007 Cisco Systems. Inc. This document is Cisco Public Information. the ping is successful Step 10. Step 11.20. Can PC1 successfully ping PC2? Yes.5. Can PC1 successfully ping PC2? S2#configure terminal Enter configuration commands.21. one per line. All rights reserved. Move PC1 into the same VLAN as PC2. Hosts in the same VLAN and in the same subnet can communicate directly through the switches.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. S2(config)#interface fastethernet 0/11 S2(config-if)#switchport access vlan 20 S2(config-if)#end End with CNTL/Z.

0 255.1 192.255.1 192.1 192.10.168.255.168.3: Troubleshooting VLAN Configurations (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 56 VLAN 56 VLAN 56 NIC NIC NIC NIC NIC NIC IP Address 192.10.255.255.255.23 192.20.255.5.13 192.1 192.0 255.168.0 255.255.255.56.255. All rights reserved.24 192.PT Activity 3.30.56.10.168.10.255.21 192.168.0 Default Gateway N/A N/A N/A 192.26 Subnet Mask 255.0 255.168.168.22 192.168.11 192. Page 1 of 8 .1 192.168.255.255.30.0 255.25 192.20.255.168.56.255.255.168.1 All contents are Copyright © 1992–2007 Cisco Systems.168.30.20.0 255.0 255. Inc.255.255.168.20.255. This document is Cisco Public Information.168.0 255.20.12 192.168.

except the enable secret password. PCs belonging to the same VLAN should be able to ping each other. This. This prevents data for VLAN 56 from being passed properly from switch to switch. especially on a switch where there are no ports in that VLAN. S2.30. you will practice troubleshooting a misconfigured VLAN environment. This document is Cisco Public Information. Your objective is to locate and correct any and all errors in the configurations and establish end-to-end connectivity. All passwords are set to cisco. Page 2 of 8 .168. results All contents are Copyright © 1992–2007 Cisco Systems. Inc. and S3 should be able to ping each other. S1 Errors: vlan 10 name Faculty/Staff vlan 20 name Students vlan 30 name Guest(Default) vlan 56 name Management&Native !It is a common error to forget to create the VLANs on all switches. combined with the native VLAN on the trunk being 56. Task 1: Find and Correct Network Errors Once all errors are corrected. Your final configuration should match the topology diagram and addressing table.0/24 Learning Objectives • • Find and Correct Network Errors Document the Corrected Network Introduction In this activity.20. S1. All rights reserved.3: Troubleshooting VLAN Configurations Port Assignments (Switches 2 and 3) Ports Fa0/1 – 0/5 Fa0/6 – 0/10 Fa0/11 – 0/17 Fa0/18 – 0/24 Assignment VLAN 56 – Management&Native VLAN 30 – Guest(Default) VLAN 10 – Faculty/Staff VLAN 20 – Students Network 192.0/24 192.168.168.0/24 192. In addition. The initial network has errors.56.0/24 192. The show vlan command reveals this problem. which is set to class.168. An error should be produced on the switch. ! interface FastEthernet0/1 switchport trunk native vlan 56 interface FastEthernet0/2 switchport trunk native vlan 56 !Forgetting this command causes a native VLAN mismatch.5. The port is made an access port in VLAN 1 (the default).10.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. S2 Errors: interface FastEthernet0/1 switchport mode trunk !Accidentally misconfiguring these ports as access ports can cause some interesting behavior.

3: Troubleshooting VLAN Configurations in traffic on VLAN 56 being sent on VLAN 1.12 255. This is evident because all the hosts connected to this switch can reach the others because they are all in the default VLAN.255. ! interface Vlan56 ip address 192.255. This however is not correct.56 ! interface FastEthernet0/1 switchport trunk native vlan 56 switchport mode trunk no shutdown ! interface FastEthernet0/2 switchport trunk native vlan 56 switchport mode trunk All contents are Copyright © 1992–2007 Cisco Systems. ! interface Vlan56 ip address 192.30. Page 3 of 8 . All rights reserved. ! interface Vlan1 no ip address !The default VLAN was configured as the management VLAN.56. Task 2: Document the Corrected Network Switch 1 hostname S1 no ip domain-lookup enable secret class ! vlan 10.168.255.255.0 no shutdown !The correct management VLAN was not configured and the IP address was put on the default VLAN. The show ip interface brief command reveals this. The absence of this command is evident through a show ip interface brief command.5. This document is Cisco Public Information. Inc.13 255. This address is reachable if the mistake made on the trunk links is not changed.20.0 no shutdown !This device is not reachable via the management VLAN without an IP address. This can be seen with a show vlan command. It is a common mistake to assume the VLAN exists if you configured the SVI for that VLAN. ! interface FastEthernet0/6 switchport access vlan 30 interface FastEthernet0/11 switchport access vlan 10 interface FastEthernet0/18 switchport access vlan 20 ! !The ports were not put in their respective VLANs.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3.168. The show interfaces trunk command reveals this. S3 Errors: vlan 56 name Management&Native !The management VLAN was not configured.56.

255.5. All rights reserved.3: Troubleshooting VLAN Configurations ! interface FastEthernet0/3 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/4 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/5 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/6 shutdown ! !<output omitted . Page 4 of 8 .56 ! interface FastEthernet0/1 switchport trunk native vlan switchport mode trunk ! interface FastEthernet0/2 switchport trunk native vlan switchport mode trunk ! interface FastEthernet0/3 switchport trunk native vlan switchport mode trunk ! interface FastEthernet0/4 switchport trunk native vlan switchport mode trunk ! 56 56 56 56 All contents are Copyright © 1992–2007 Cisco Systems. Inc.30.11 255. This document is Cisco Public Information.0 no ip route-cache ! line con 0 password cisco login line vty 0 4 no login line vty 5 15 password cisco login ! end Switch 2 hostname S2 no ip domain-lookup enable secret cisco ! vlan 10.168.255.20.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3.remaining ports on S1 are shutdown> ! ! interface Vlan56 ip address 192.56.

This document is Cisco Public Information.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. All rights reserved. Page 5 of 8 .3: Troubleshooting VLAN Configurations interface FastEthernet0/5 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/6 switchport access vlan 30 switchport mode access ! interface FastEthernet0/7 switchport access vlan 30 switchport mode access ! interface FastEthernet0/8 switchport access vlan 30 switchport mode access ! interface FastEthernet0/9 switchport access vlan 30 switchport mode access ! interface FastEthernet0/10 switchport access vlan 30 switchport mode access ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access ! interface FastEthernet0/13 switchport access vlan 10 switchport mode access ! interface FastEthernet0/14 switchport access vlan 10 switchport mode access ! interface FastEthernet0/15 switchport access vlan 10 switchport mode access ! interface FastEthernet0/16 switchport access vlan 10 switchport mode access ! interface FastEthernet0/17 switchport access vlan 10 switchport mode access ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access ! interface FastEthernet0/19 All contents are Copyright © 1992–2007 Cisco Systems.5. Inc.

0 ! line con 0 password cisco login line vty 0 4 password cisco login line vty 5 15 password cisco login ! end Switch 3 hostname S3 no ip domain-lookup enable secret class ! vlan 10.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3.56 ! interface FastEthernet0/1 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/2 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/3 switchport trunk native vlan 56 All contents are Copyright © 1992–2007 Cisco Systems. Inc. All rights reserved.20.56.30.5.12 255. This document is Cisco Public Information.255.3: Troubleshooting VLAN Configurations switchport access vlan 20 switchport mode access ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access ! interface FastEthernet0/21 switchport access vlan 20 switchport mode access ! interface FastEthernet0/22 switchport access vlan 20 switchport mode access ! interface FastEthernet0/23 switchport access vlan 20 switchport mode access ! interface FastEthernet0/24 switchport access vlan 20 switchport mode access ! ! ! interface Vlan56 ip address 192.255. Page 6 of 8 .168.

Page 7 of 8 .3: Troubleshooting VLAN Configurations switchport mode trunk ! interface FastEthernet0/4 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/5 switchport trunk native vlan 56 switchport mode trunk ! interface FastEthernet0/6 switchport access vlan 30 switchport mode access spanning-tree portfast ! interface FastEthernet0/7 switchport access vlan 30 switchport mode access spanning-tree portfast ! interface FastEthernet0/8 switchport access vlan 30 switchport mode access spanning-tree portfast ! interface FastEthernet0/9 switchport access vlan 30 switchport mode access spanning-tree portfast ! interface FastEthernet0/10 switchport access vlan 30 ! interface FastEthernet0/11 switchport access vlan 10 switchport mode access ! interface FastEthernet0/12 switchport access vlan 10 switchport mode access ! interface FastEthernet0/13 switchport access vlan 10 switchport mode access ! interface FastEthernet0/14 switchport access vlan 10 switchport mode access ! interface FastEthernet0/15 switchport access vlan 10 switchport mode access ! interface FastEthernet0/16 switchport access vlan 10 switchport mode access ! All contents are Copyright © 1992–2007 Cisco Systems. Inc. All rights reserved. This document is Cisco Public Information.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3.5.

13 255. All rights reserved.0 ! line con 0 password cisco login line vty 0 4 password cisco login line vty 5 15 password cisco login ! end All contents are Copyright © 1992–2007 Cisco Systems.5. Inc.168.56.255.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. This document is Cisco Public Information.3: Troubleshooting VLAN Configurations interface FastEthernet0/17 switchport access vlan 10 switchport mode access ! interface FastEthernet0/18 switchport access vlan 20 switchport mode access ! interface FastEthernet0/19 switchport access vlan 20 switchport mode access ! interface FastEthernet0/20 switchport access vlan 20 switchport mode access ! interface FastEthernet0/21 switchport access vlan 20 switchport mode access ! interface FastEthernet0/22 switchport access vlan 20 switchport mode access ! interface FastEthernet0/23 switchport access vlan 20 switchport mode access ! interface FastEthernet0/24 switchport access vlan 20 switchport mode access ! interface Vlan56 ip address 192. Page 8 of 8 .255.

20.17.0 255.0 255.255.10.255.17.255.255.255.17.1 172.1 172.255.1: Packet Tracer Skills Integration Challenge (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC NIC NIC NIC IP Address 172.30.20.17.99.255.17.255.255.0 255.32 172.99.1 Learning Objectives • • • • • • • Add and connect switches Add and connect PCs Verify basic device configuration and connectivity Configure and verify port security Configure VLANs on the switches Configure trunks on the switches Verify end-to-end connectivity Page 1 of 6 All contents are Copyright © 1992–2007 Cisco Systems.17.17.17.0 255.17.21 172.17.0 255.255.99.30.17.99.99.1 172.255.255.30.0 255.1 172. .26 Subnet Mask 255. This document is Cisco Public Information.1 172.33 172.22 172.17.1 172.10.PT Activity 3.255.6.17.17.255.0 Default Gateway 172.0 255. All rights reserved.20.1 172.30.0 255.17.24 172.31 172.20.255.255.25 172.1 172.10.10.17.255.255.99.23 172.17. Inc.17.

Page 2 of 6 . If not. • • • Connect PC1 to Fa0/11 on S2 Connect PC2 to Fa0/18 on S2 Connect PC3 to Fa0/6 on S2 Step 3. Task 1: Add and Connect the Switches Step 1. Display names are case-sensitive. Connect S3 Fa0/3 to S1 Fa0/3. Inc.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. All contents are Copyright © 1992–2007 Cisco Systems. Step 2. Check results. • • • Connect PC4 to Fa0/11 on S3 Connect PC5 to Fa0/18 on S3 Connect PC6 to Fa0/6 on S3 Step 4. Names are casesensitive. and PC6 to S3. click Check Results to see which required components are not yet completed. PC5. including adding and connecting devices. PC2. If necessary. This document is Cisco Public Information. Step 5. Add the S2 switch.6. Step 3. Step 4. Step 2. Add the S3 switch. PC5. Connect PC4. Change the display name and hostname to S2. you will connect and completely configure the Chapter 3 topology. Connect S3 to S1. and configuring security and VLANs. Change the display name and hostname to S3. Your completion percentage should be 9%. PC2. S2 must be a 2960 series switch. click Check Results to see which required components are not yet completed.1: Packet Tracer Skills Integration Challenge Introduction In this activity. PC4. Connect S2 to S1. • • Add the six PCs according to the chapter topology. and PC3 to S2. If not. Check results. and PC6. change the display name to match the names in the addressing table. S3 must be a 2960 series switch. Your completion percentage should be 29%. Connect S2 Fa0/1 to S1 Fa0/1. Task 2: Add and Connect the PCs Step 1. Connect PC1. Add PC1. PC3. Names are casesensitive. All rights reserved.

observe the broadcast traffic that propagates throughout the LAN until the switches learn the ports of each PC. Check results. If not. • • • • • Set the port to access mode. Step 3. Inc. • • • • • Hostname on S1 Banner Enable secret password Line configurations Service encryption Step 2. Step 4. Verify that the following PCs can ping each other: • • • PC1 to PC4 PC2 to PC5 PC3 to PC6 Step 5. All rights reserved. Configure access links with port security. S2. However. Configure the first learned MAC address to “stick” to the configuration. S2. you configure port security on all access ports or shut down the port if it is not in use. click Check Results to see which required components are not yet completed. Configure each switch with the following basic settings. Configure PC IP addressing. Normally. activate the interface at this time with the appropriate command. Use the following policy to establish port security just on the ports used by the PCs. and S3. This interface is not active until after trunking is configured later in the activity. Set the port to shut down if there is a security violation. Your completion percentage should be 53%. Page 3 of 6 All contents are Copyright © 1992–2007 Cisco Systems. Task 4: Configure and Verify Port Security Step 1.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Enable port security. Configure VLAN 99 as the management VLAN interface on S1.6. . • • Clear the learned MAC addresses so that the switches must broadcast ping packets. Allow only one MAC address. Verify that PCs on the same subnet can ping each other. Configure the management VLAN interface on S1. Use the Add Simple PDU tool to create pings between PCs on the same VLAN. Configure the PCs with IP addressing according to the addressing table.1: Packet Tracer Skills Integration Challenge Task 3: Configure Devices and Verify Connectivity Step 1. This document is Cisco Public Information. Step 6. In simulation mode. In simulation mode. observe the broadcast traffic. Packet Tracer only grades the hostname command. Configure switches with basic commands. and S3.

Verify port security is active for the interfaces attached to PCs. • • • Connect PC2 to the port of PC3.0000.c906 (bia 000a. all the port security tasks listed above are required to complete this activity. Step 3. Page 4 of 6 .41e8. send traffic to the port by pinging across the switch to the other PC on the same subnet. This document is Cisco Public Information. Step 2.0F00. Verify that ports are err-disabled and that a security violation has been logged.0F00. If the MAC address in this field is 0000. What command shows the following output? ________________________________________ show interface fa0/6 FastEthernet0/6 is down.1: Packet Tracer Skills Integration Challenge Force the switches to learn the MAC addresses by sending pings across all three switches Note: Only enabling port security is graded by Packet Tracer.0000.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. Step 4.6668:1 Security Violation Count : 1 All contents are Copyright © 1992–2007 Cisco Systems. and connect PC3 to the port of PC2.6668:1 Security Violation Count : 0 Note: The Last Source Address:Vlan information should show a MAC address.41e8. Your MAC address may be different than the one shown here. line protocol is down (err-disabled) Hardware is Lance.6. However. Inc. Test port security. What command would you use to verify that port security is active on an interface? ____________________________________ show port-security int fa0/6 Port Security : Enabled Port Status : Secure-up Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 1 Sticky MAC Addresses : 0 Last Source Address:Vlan : 0050. The ports for PC2 and PC3 should shut down. Send pings between PCs on the same subnet. All rights reserved.c906) <output omitted> What command shows the following output? ____________________________________ show port-security int fa0/6 Port Security : Enabled Port Status : Secure-shutdown Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 1 Configured MAC Addresses : 1 Sticky MAC Addresses : 0 Last Source Address:Vlan : 0050. address is 000a.

Gig1/2 10 Faculty/Staff active Fa0/11 20 Students active Fa0/18 30 Guest(Default) active Fa0/6 99 Management&Native active <output omitted> Step 4. S2. Verify VLAN implementation. Your completion percentage should be 75%. Assign access ports to the VLANs. Fa0/14 Fa0/15. Create and name the following VLANs on the switches S1. Fa0/17. All rights reserved. Check results. What command verifies the VLAN configuration. Page 5 of 6 . Fa0/9 Fa0/10. Inc. Task 5: Configure VLANs on the Switches Step 1.------------------------------1 default active Fa0/1. Clear the port security violation. click Check Results to see which required components are not yet completed. This document is Cisco Public Information. Verify that PC2 and PC3 can send pings across S2. Fa0/16. Fa0/4 Fa0/5. If not.--------. Fa0/19 Fa0/20. name = Students VLAN 30. Step 6. Your completion percentage should be 92%.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3.-----------------------------. name = Faculty/Staff VLAN 20. and S3: • • • • VLAN 10. click Check Results to see which required components are not yet completed. name = Guest(Default) VLAN 99. Fa0/22. • • • Connect PC2 and PC3 back to the correct port. All contents are Copyright © 1992–2007 Cisco Systems. Assign the following PC access ports to the VLANs: • • • VLAN 10: PC1 and PC4 VLAN 20: PC2 and PC5 VLAN 30: PC3 and PC6 Step 3. Create and name the VLANs.6. name = Management&Native Step 2. Fa0/7. Fa0/2. Fa0/23 Fa0/24. Gig1/1. Fa0/8. Check results. Reconnect PCs to the correct port and clear port security violations. Fa0/12.1: Packet Tracer Skills Integration Challenge Step 5. If not. including the port assignments? ______________________________________ show vlan brief VLAN Name Status Ports ---. Fa0/21. Fa0/13. Fa0/3.

CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 3. All contents are Copyright © 1992–2007 Cisco Systems. Step 3. Your completion percentage should be 100%. Inc. All rights reserved. Test connectivity After the switch trunk ports transition to the forwarding state (green link lights). Verify that switches S2 and S3 are now in trunking mode.1: Packet Tracer Skills Integration Challenge Task 6: Configure Trunks on the Switches Step 1.6. Configure VLAN 99 as the native VLAN for all trunks. Check results. you should be able to successfully ping between PCs on the same VLAN. Page 6 of 6 . Configure trunking on the appropriate interfaces. click Check Results to see which required components are not yet completed. This document is Cisco Public Information. Step 2. • • • • Configure trunking on the appropriate interfaces on switch S1. Manually configure the appropriate interfaces on S2 and S3 for trunking. If not.

the switches already contain a partial configuration. and S3 Assign VLANs to ports on S2 and S3 Verify VLAN implementation and test connectivity Introduction In this activity. S2. All rights reserved. This document is Cisco Public Information.PT Activity 4.3. Page 1 of 7 . and S3 Verify VTP status on S1. The user EXEC password is cisco and the privileged EXEC password is class. What configurations are already present on the switches? ____________________________________________________________________________________ All contents are Copyright © 1992–2007 Cisco Systems. you will practice configuring VTP. Task 1: Investigate the Current Configuration Step 1. S2. Verify the current running configuration on the switches.3: Configure VTP (Instructor Version) Topology Diagram Learning Objectives • • • • • • • • Investigate the current configuration Configure S1 as VTP server Configure S2 and S3 as VTP clients Configure VLANs on S1 Configure trunks on S1. When Packet Tracer first opens. Inc.

Fa0/22. Configure the VTP domain name. Configure the VTP mode command. Fa0/19. Set S1 to server mode. S1#show vlan brief VLAN Name Status Ports ---. Inc. Display the current VLANs on each switch. In addition. Remember that VTP domain passwords are case sensitive. Page 2 of 7 . Gig1/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Completion should be at 0% at the end of this Task. S1(config)#vtp password cisco All contents are Copyright © 1992–2007 Cisco Systems. S1(config)#vtp mode server Device mode already VTP SERVER. Fa0/12 Fa0/13. Step 2. Fa0/20 Fa0/21. No user VLANs have been created. Fa0/23. it is important that you explicitly configure this command to insure the switch is in server mode. Fa0/6. Configure the VTP domain password. Configure S1 with cisco as the VTP domain password. Fa0/8 Fa0/9. Fa0/14. line configurations and a banner. Fa0/24 Gig1/1. Fa0/4 Fa0/5.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Fa0/3. Step 2. Task 2: Configure S1 as VTP Server Step 1. Fa0/11. Configure S1 with CCNA as the VTP domain name. Fa0/15. Fa0/2. Fa0/7.3.--------. Fa0/16 Fa0/17. Fa0/18.-----------------------. S1 will be the server for VTP.3: Configure VTP ____________________________________________________________________________________ ____________________________________________________________________________________ The switches are already configured with hostnames.----------------------------1 default active Fa0/1. Are there any VLANs present? Are the VLANs user created VLANs or default VLANs? ____________________________________________________________________________________ The VLANs are default VLANs. Fa0/10. passwords. Remember that VTP domain names are case sensitive. However. This document is Cisco Public Information. S1(config)# Notice that the switch is already set to server mode by default. All rights reserved. interface VLAN 99 has been created and configured. S1(config)#vtp domain CCNA Changing VTP domain name from NULL to CCNA S1(config)# Step 3.

Confirm configuration changes. Set these two switches to client mode.0. Use the show vtp status command on S1 to confirm that the VTP mode and domain are configured correctly. Confirm configuration changes. Configure the VTP domain password. Configure the VTP mode command. Task 3: Configure S2 and S3 as VTP Clients Step 1. Step 3. S3#show vtp status VTP Version Configuration Revision : 2 : 0 Page 3 of 7 All contents are Copyright © 1992–2007 Cisco Systems. Check results. Configure the VTP domain name. S2 and S3 will be VTP clients. Remember that VTP domain passwords are case sensitive. . Output for S3 is shown here. they must belong to the same VTP domain. If not. This document is Cisco Public Information. Configure S2 and S3 with CCNA as the VTP domain name. Your completion percentage should be 8%.3.0 at 0-0-00 00:00:00 To verify the VTP password.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4.3: Configure VTP Setting device VLAN database password to cisco S1(config)# Step 4. Before S2 and S3 will accept VTP advertisements from S1. Configure S2 and S3 with cisco as the VTP domain password. Remember that VTP domain names are case sensitive. click Check Results to see which required components are not yet completed. Use the show vtp status command on each switch to confirm that the VTP mode and domain are configured correctly. All rights reserved. S2 and S3 must also use the same password before they can accept VTP advertisements from the VTP server. use the show vtp password command. S1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : CCNA VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63 Configuration last modified by 0.0. Inc. Step 4. S1#show vtp password VTP Password: cisco S1# Step 5. Step 2.

3.3: Configure VTP Maximum VLANs supported locally : 64 Number of existing VLANs : 5 VTP Operating Mode : Client VTP Domain Name : CCNA VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x8C 0x29 0x40 0xDD 0x7F 0x7A 0x63 Configuration last modified by 0. Fa0/14. Fa0/2. Page 4 of 7 . Verify VLANs. Task 4: Configure VLANs on S1 VLANs can be created on the VTP server and distributed to other switches in the VTP domain. Step 1. S1.0 at 0-0-00 00:00:00 Notice that the configuration revision number is 0 on all three switches. Inc. use the show vtp password command. Fa0/7. Fa0/4 Fa0/5. Fa0/16 All contents are Copyright © 1992–2007 Cisco Systems. Check results. Use the show vlan brief command to verify the VLANs and their names. the VLAN names are case-sensitive. or modified.------------------------.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. S3#show vtp password VTP Password: cisco S3# Step 5.-----------------------------1 default active Fa0/1. Your completion percentage should be 31%. Why? ____________________________________________________________________________________ ____________________________________________________________________________________ ____________________________________________________________________________________ The configuration revision number increments by one every time a VLAN is added. No configurations have been made to VLANs on any of the switches.0. deleted. These VLANs will be distributed to S2 and S3 via VTP. All rights reserved. S1#show vlan brief VLAN Name Status Ports ---. For grading purposes in Packet Tracer. • • • • VLAN 10 named Faculty/Staff VLAN 20 named Students VLAN 30 named Guest(Default) VLAN 99 named Management&Native Step 2. If not. Fa0/6. Fa0/3. click Check Results to see which required components are not yet completed. In this task you will create 4 new VLANs on the VTP server. Fa0/11. Create the VLANs. This document is Cisco Public Information. To verify the VTP password. Fa0/15.0. Fa0/8 Fa0/9. Fa0/12 Fa0/13.--------. Fa0/10.

3: Configure VTP Fa0/17. Use the switchport trunk native vlan 99 command to set VLAN 99 as the native VLAN. Fa0/22. However. you will notice that the VLANs are not in their VLAN database? Why not? ____________________________________________________________________________________ ____________________________________________________________________________________ The switches have not been configured to communicate yet. Check results. Step 1. Step 2. Task 6: Verify VTP Status All contents are Copyright © 1992–2007 Cisco Systems. Gig1/2 10 20 30 99 1002 1003 1004 1005 Faculty/Staff Students Guest(Default) Management&Native fddi-default token-ring-default fddinet-default trnet-default active active active active active active active active If you enter the same command on S2 and S3. and S3 Use the switchport mode trunk command to set trunk mode for each of the trunk links. Your completion percentage should be 46%.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Page 5 of 7 . Your completion percentage should be 77%. Fa0/19. Step 4. it is a best practice to configure both sides of the trunk links to the on mode. Once configured. Configure Fast Ethernet 0/3 on S3 for trunking. If not. Fa0/24 Gig1/1. click Check Results to see which required components are not yet completed. click Check Results to see which required components are not yet completed. This can be verified on S2 or S3 with both the show vlan brief command and the show vtp status command. If not. You can verify S2 and S3 are now trunking by entering the show interface fa0/1 switchport command on S2 and the show interface fa0/3 switchport command on S3. Fa0/23. All rights reserved. If you wait a few minutes for Packet Tracer to simulate all the processes. This document is Cisco Public Information. Fa0/18.3. S2. Step 3. Check results. Step 5. S1 will advertise the VLAN configuration to S2 and S3. Dynamic Trunking Protocol (DTP) will bring up the trunk links. Configure Fast Ethernet 0/1 on S2 for trunking. Enter the appropriate commands to configure trunking and set VLAN 99 as the native VLAN. Configure FastEthernet 0/1 and FastEthernet 0/3 on S1 for trunking. Task 5: Configure Trunks on S1. Enter the appropriate commands to configure trunking and set VLAN 99 as the native VLAN. Inc. Enter the appropriate commands to configure trunking and set VLAN 99 as the native VLAN. Fa0/20 Fa0/21.

verify the following. click Check Results to see which required components are not yet completed. Task 8: Verify VLAN Implementation and Test Connectivity All contents are Copyright © 1992–2007 Cisco Systems. Check results. Completion should still be at 77% at the end of this Task. What is the current number of existing VLANs? ___________ 9 Why are there more existing VLANs than the four you created? ____________________________________________________________________________________ The switch has five default VLANs. Inc. If not. delete. Task 7: Assign VLANs to Ports Use the switchport mode access command to set access mode for the access links. you may have to do this multiple times since this will only forward Packet Tracer’s clock by 10 seconds each time. Assign VLANs to ports on S3. All rights reserved. • • • Fa0/11 on VLAN 10 Fa0/18 on VLAN 20 Fa0/6 on VLAN 30 Step 4. However. This document is Cisco Public Information. or modify a VLAN. Assign VLANs to ports on S2. you can switch between Realtime mode and Simulation mode until the next round of updates. Alternatively.3. you can change one of the client switches to transparent mode and then back to client mode. To accelerate this process. • • • Fa0/11 on VLAN 10 Fa0/18 on VLAN 20 Fa0/6 on VLAN 30 Step 2.3: Configure VTP Using the show vtp status and show vlan brief commands. Your completion percentage should be 100%. At a minimum. Step 1. Use the switchport access vlan vlan-id command to assign a VLAN to an access port. Page 6 of 7 . the configuration revision number will be 8: one increment for each vlan vlan-id command. • • S1 should show server status S2 and S3 should show client status • S2 and S3 should have VLANs from S1 Note: VTP advertisements are flooded throughout the management domain every five minutes or whenever a change occurs in VLAN configurations. one increment for each name name command. What is the configuration revision number? ___________ 8 (could be higher if the student made mistakes in their configuration) Why is the configuration revision number higher than the number of VLANs you created? ____________________________________________________________________________________ ____________________________________________________________________________________ The configuration revision number increments each time you add.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4.

Inc. Verify VLAN configuration and port assignments. All contents are Copyright © 1992–2007 Cisco Systems. Step 2.3.3: Configure VTP Step 1. while pings between PCs on different VLANs should fail. All rights reserved. Compare your output to the topology. Page 7 of 7 . From PC3 ping PC6. Test connectivity between PCs. Pings between PCs on the same VLAN should succeed. This document is Cisco Public Information. From PC2 ping PC5. From PC1 ping PC4.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Use the show vlan brief command to verify VLAN configuration and port assignments on each switch.

17.30.20.26 Subnet Mask 255.255.12 172.24 172.255.10.255.17.255.17.17.17.0 Default Gateway N/A N/A N/A 172.99.30. All rights reserved.1 All contents are Copyright © 1992–2007 Cisco Systems.17.255.10. Page 1 of 8 .1 172.17.17.20.1 172.255.255.23 172.PT Activity 4. Inc.255. This document is Cisco Public Information.20.1 172.1 172.17.11 172.17.4.255.30.17.22 172.99.10.0 255.0 255.255.17.0 255.0 255.0 255.255.255.17.21 172.1 172.20.255.17.255.1: Basic VTP Configuration (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC NIC NIC NIC IP Address 172.99.25 172.13 172.0 255.17.255.10.0 255.255.30.255.0 255.255.

create and distribute VLAN information and assign ports to VLANs..0 /24 172. learn about VTP modes.17. Inc. Configure a password of cisco for console connections.. All rights reserved.17. S2. Task 1: Perform Basic Switch Configurations Configure the S1.Faculty/Staff VLAN 20 .CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4.30.0/10 Fa0/11 .0 /24 172. one per line.99. Disable DNS lookup.Students Network 172.10.20.17. The initial network opens in a secure state with all ports administratively shutdown.0/17 Fa0/18 . Page 2 of 8 . Switch(config)#hostname S1 S1(config)#enable secret class S1(config)#no ip domain-lookup S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#line vty 0 15 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#end %SYS-5-CONFIG_I: Configured from console by console S1#copy running-config startup-config Destination filename [startup-config]? Building configuration.0/24 Assignment 802. [OK] All contents are Copyright © 1992–2007 Cisco Systems. you will perform basic switch configurations. Configure a password of cisco for vty connections. This document is Cisco Public Information.1q Trunks (Native VLAN 99) VLAN 30 .4. End with CNTL/Z.0 /24 172. Switch>enable Switch#configure terminal Enter configuration commands.Guest (Default) VLAN 10 . configure VTP. trunking.17. Configure an EXEC mode password of class.1: Basic VTP Configuration Port Assignments (S2 and S3) Ports Fa0/1 .0 /24 Learning Objectives • • • Perform basic switch configurations Configure the Ethernet interfaces on the host PCs Configure VTP and security on the switches Introduction In this activity.0/5 Fa0/6 . and S3 switches according to the following guidelines and save all your configurations: • • • • • Configure the switch hostname as indicated on the topology.

PC3. S1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A Configuration last modified by 0. Page 3 of 8 . All rights reserved. S2(config)#interface fa0/6 S2(config-if)#switchport mode access S2(config-if)#no shutdown S2(config-if)#interface fa0/11 S2(config-if)#switchport mode access S2(config-if)#no shutdown S2(config-if)#interface fa0/18 S2(config-if)#switchport mode access S2(config-if)#no shutdown Step 2.0. Inc. Check the current VTP settings on the three switches.0 at 0-0-00 00:00:00 Local updater ID is 0. and PC6 with the IP addresses and default gateways indicated in the addressing table.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. This document is Cisco Public Information. Task 3: Configure VTP and Security on the Switches Step 1.0 at 0-0-00 00:00:00 Local updater ID is 0. Configure the user ports in access mode.0. Enable the user ports on S2 and S3.0.0.0. Refer to the topology diagram to determine which ports are connected to end-user devices.0. PC5. Use the show vtp status command to determine the VTP operating mode for all three switches.1: Basic VTP Configuration Task 2: Configure the Ethernet Interfaces on the Host PCs Configure the Ethernet interfaces of PC1.0. PC2.0 (no valid interface found) S3#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 All contents are Copyright © 1992–2007 Cisco Systems.0.4.0 (no valid interface found) S2#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 64 Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A Configuration last modified by 0. PC4.

but only if the client switch domain is in the null state.0. configure trunking and the native VLAN for FastEthernet interfaces 0/1-5. In this activity. This document is Cisco Public Information. Server mode is the default VTP mode for most Catalyst switches. Inc. with S2 and S3 configured as VTP clients or in VTP transparent mode. domain name. and S3 in transparent mode. Step 4. All rights reserved.0. Set the VTP domain name to Lab4 and the VTP password to cisco on all three switches. Common VTP configuration tasks are setting the operating mode. Page 4 of 8 . S1(config)#vtp domain Lab4 Changing VTP domain name from NULL to Lab4 S1(config)#vtp password cisco Setting device VLAN database password to cisco S1(config)#end S2(config)#vtp mode client Setting device to VTP CLIENT mode S2(config)#vtp domain Lab4 Changing VTP domain name from NULL to Lab4 S2(config)#vtp password cisco Setting device VLAN database password to cisco S2(config)#end S3(config)#vtp mode transparent Setting device to VTP TRANSPARENT mode. Step 3.0 at 0-0-00 00:00:00 Local updater ID is 0. On all switches. and password. Switches in different VTP domains do not exchange VLAN information. VLANs are then created on the VTP server and pushed to the other switches in the domain. Configure S1 in server mode. For that reason. it is good practice to manually configure the domain name on all switches to ensure that the domain name is configured correctly.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Only commands for fa0/1 on each switch are shown below. Note that all three switches are in server mode.0. S2 in client mode. S1(config)#interface fa0/1 All contents are Copyright © 1992–2007 Cisco Systems.1: Basic VTP Configuration Number of existing VLANs : 5 VTP Operating Mode : Server VTP Domain Name : VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x7D 0x5A 0xA6 0x0E 0x9A 0x72 0xA0 0x3A Configuration last modified by 0. you will be using S1 as the VTP server. and VTP password on all three switches. one or more switches are configured as VTP servers. Within each VTP domain. domain. It does not learn a new name if one has been previously set.0 (no valid interface found) VTP allows the network administrator to control the instances of VLANs on the network by creating VTP domains.4. S1(config)#vtp mode server Device mode already VTP SERVER. Configure trunking and the native VLAN for the trunking ports on all three switches. Configure the operating mode. S3(config)#vtp domain Lab4 Changing VTP domain name from NULL to Lab4 S3(config)#vtp password cisco Setting device VLAN database password to cisco S3(config)#end Note: The VTP domain name can be learned by a client switch from a server switch.0.

Configure ports fa0/6. and fa0/18 so that they allow only a single host and learn the MAC address of the host dynamically. maximum 1 mac-address sticky maximum 1 mac-address sticky maximum 1 mac-address sticky maximum 1 mac-address sticky maximum 1 mac-address sticky maximum 1 mac-address sticky . fa0/11.1: Basic VTP Configuration S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#no shutdown S1(config-if)#interface fa0/2 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#no shutdown S1(config-if)#end S2(config)#interface fa0/1 S2(config-if)#switchport mode trunk S2(config-if)#switchport trunk native vlan 99 S2(config-if)#no shutdown S2(config-if)#end S3(config)#interface fa0/2 S3(config-if)#switchport mode trunk S3(config-if)#switchport trunk native vlan 99 S3(config-if)#no shutdown S3(config-if)#end Step 5.4. This document is Cisco Public Information. Inc.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Configure VLANs on the VTP server. S2(config)#interface fa0/6 S2(config-if)#switchport port-security S2(config-if)#switchport port-security S2(config-if)#switchport port-security S2(config-if)#interface fa0/11 S2(config-if)#switchport port-security S2(config-if)#switchport port-security S2(config-if)#switchport port-security S2(config-if)#interface fa0/18 S2(config-if)#switchport port-security S2(config-if)#switchport port-security S2(config-if)#switchport port-security S2(config-if)#end S3(config)#interface fa0/6 S3(config-if)#switchport port-security S3(config-if)#switchport port-security S3(config-if)#switchport port-security S3(config-if)#interface fa0/11 S3(config-if)#switchport port-security S3(config-if)#switchport port-security S3(config-if)#switchport port-security S3(config-if)#interface fa0/18 S3(config-if)#switchport port-security S3(config-if)#switchport port-security S3(config-if)#switchport port-security S3(config-if)#end Step 6. There are four VLANS required in this lab: • VLAN 99 (management) Page 5 of 8 All contents are Copyright © 1992–2007 Cisco Systems. All rights reserved. Configure port security on the S2 and S3 access layer switches.

CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Fa0/20. Fa0/7. Fa0/24. Fa0/24. Fa0/5 Fa0/6. Fa0/19. This document is Cisco Public Information. Fa0/9 Fa0/10. S1(config)#vlan 99 S1(config-vlan)#name S1(config-vlan)#exit S1(config)#vlan 10 S1(config-vlan)#name S1(config-vlan)#exit S1(config)#vlan 20 S1(config-vlan)#name S1(config-vlan)#exit S1(config)#vlan 30 S1(config-vlan)#name S1(config-vlan)#exit management faculty/staff students guest Verify that the VLANs have been created on S1 with the show vlan brief command. Packet Tracer grading is case-sensitive. Fa0/9 Fa0/10. Gig1/1 Gig1/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Are the same VLANs configured on all switches? ____________________ no Why do S2 and S3 have different VLAN configurations at this point? All contents are Copyright © 1992–2007 Cisco Systems. Fa0/13 Fa0/14. All rights reserved. Fa0/19. Fa0/4. Fa0/17 Fa0/18. Page 6 of 8 . Fa0/21 Fa0/22. Fa0/5 Fa0/6. Fa0/2. Fa0/11. Fa0/3. Fa0/16. Fa0/20. Fa0/15. S2#show vlan brief VLAN Name Status Ports ---.Fa0/21 Fa0/22. Check if the VLANs created on S1 have been distributed to S2 and S3. Fa0/15. Gi0/1 Gi0/2 10 faculty/staff active 20 students active 30 guest active 99 management active S3#show vlan brief VLAN Name Status Ports ---.-----------------------------. Fa0/4. Fa0/12.Fa0/13 Fa0/14. Inc. Fa0/23.Fa0/17 Fa0/18. Use the show vlan brief command on S2 and S3 to determine if the VTP server has pushed its VLAN configuration to all the switches.------------------------------1 default active Fa0/1. Fa0/16.4. Fa0/8.1: Basic VTP Configuration • • VLAN 10 (faculty/staff) VLAN 20 (students) • VLAN 30 (guest) Configure these on the VTP server.-----------------------------. Fa0/12.------------------------------1 default active Fa0/1. Fa0/7. Step 7. Fa0/23.--------.--------. Fa0/8. Fa0/11.

Manually configure VLANs. troubleshoot the switch configurations and try again.0 S2(config-if)#no shutdown S3(config)#interface vlan 99 S3(config-if)#ip address 172. Delete VLAN 88 from S3. In addition. This document is Cisco Public Information. Create a new VLAN on S2 and S3. All rights reserved.99.255.99. ping the management interface on S2 and S3.255. Step 10.1: Basic VTP Configuration ______________________________________________________________________________ S2 is in VTP client mode and accepts VLAN configurations advertised by a VTP server. From S2.255. Configure the four VLANs identified in Step 6 on switch S3.255.17. Inc.17.12 255.0 S1(config-if)#no shutdown S2(config)#interface vlan 99 S2(config-if)#ip address 172. S3(config)#vlan 88 S3(config-vlan)#name test S3(config-vlan)# Why are you prevented from creating a new VLAN on S2 but not S3? ______________________________________________________________________________ VLANs can only be created on switches in VTP server mode or transparent mode.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. so it forwards VTP advertisements but does not implement the advertised VLANs locally.17.99. these types of errors can be difficult to troubleshoot. S1(config)#interface vlan 99 S1(config-if)#ip address 172. and any error introduced here could prevent intra-VLAN communication.4. Configure the management interface address on all three switches.255. S3(config)#vlan 99 S3(config-vlan)#name S3(config-vlan)#exit S3(config)#vlan 10 S3(config-vlan)#name S3(config-vlan)#exit S3(config)#vlan 20 S3(config-vlan)#name S3(config-vlan)#exit S3(config)#vlan 30 S3(config-vlan)#name S3(config-vlan)#exit management faculty/staff students guest Here you see one of the advantages of VTP.13 255. Step 8.11 255. All contents are Copyright © 1992–2007 Cisco Systems. Manual configuration is tedious and error prone.0 S3(config-if)#no shutdown Verify that the switches are correctly configured by pinging between them. Were the pings successful? If not. From S1. S3(config)#no vlan 88 Step 9. S3 is in VTP transparent mode. ping the management interface on S3.255. Page 7 of 8 . S2(config)#vlan 88 %VTP VLAN configuration not allowed when device is in CLIENT mode.

only configure the first interface for each VLAN. S3(config)#interface fa0/6 S3(config-if-range)#switchport access vlan 30 S3(config-if-range)#interface fa0/11 S3(config-if-range)#switchport access vlan 10 S3(config-if-range)#interface fa0/18 S3(config-if-range)#switchport access vlan 20 S3(config-if-range)#end S3#copy running-config startup-config Destination filename [startup-config]? [enter] Building configuration. Port assignments must be configured on each switch manually or dynamically using a VMPS server.. Page 8 of 8 . This document is Cisco Public Information. Refer to the port assignment table at the beginning of the activity to assign ports to the VLANs. [OK] S3# All contents are Copyright © 1992–2007 Cisco Systems. Port assignments are not configured through VTP..CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. All rights reserved.4. Inc. The commands are shown for S3 only. Save the configuration when you are done. Since Packet Tracer 4. but both S2 and S3 switches should be similarly configured.11 does not make use of the interface range command. Assign switch ports to VLANs.1: Basic VTP Configuration Step 11.

255.0 255.2 172.31.2 Subnet Mask 255.11 172. Page 1 of 4 .99.13 172.255.20.1 172.255. Inc.10.31.255.255.2: VTP Configuration (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC NIC NIC NIC IP Address 172.255.99.31.1 172.0 255.4.0 All contents are Copyright © 1992–2007 Cisco Systems.0 255.31.0 255.255.31.31.255.31.1 172.255.2 172.0 255.12 172.0 255.30.99.0 255.255.0 255.10.20.30.255.255. All rights reserved.PT Activity 4.255.255.31.255.255.31. This document is Cisco Public Information.255.255.

0/10 Fa0/11 . S2. and S3 switches according to the following guidelines and save all your configurations: • • • • Configure the switch hostname as indicated on the topology.Sales VLAN 99 – Network Mgmt 172.20. with S2 and S3 configured as VTP clients.10. S2 in client mode.31. Check the current VTP settings on the three switches.0/24 None Assignment 802. Configure the operating mode. Within each VTP domain.1q Trunks VLAN 30 .0 /24 172.0/17 Fa0/18 . Default gateway configurations are not necessary for this activity. Page 2 of 4 . domain.2: VTP Configuration Port Assignments (S2 and S3) Ports Fa0/1 . You will correct it later in the activity. you will be configuring S1 as a VTP server. Step 1. and S3 in transparent mode. Configure a password of cisco for console and vty connections. and VTP password on all three switches. and password. PC2.30. Inc. All contents are Copyright © 1992–2007 Cisco Systems. PC5. Configure an EXEC mode password of class. learn about VTP modes.0 /24 172. VLANs are then created on the VTP server and pushed to the other switches in the domain.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Task 3: Configure VTP on the Switches VTP allows the network administrator to control the instances of VLANs on the network by creating VTP domains. Task 2: Configure the Ethernet Interfaces on the Host PCs Configure the Ethernet interfaces of PC1.0 /24 Network Learning Objectives • • • Perform basic switch configurations Configure the Ethernet interfaces on the host PCs Configure VTP the switches Introduction In this activity.99. All rights reserved. Step 2.0/5 Fa0/6 . PC3.4. one or more switches are configured as VTP servers. create and distribute VLAN information and assign ports to VLANs Task 1: Perform Basic Switch Configurations Configure the S1. Common VTP configuration tasks are operating mode.Engineering VLAN 20 . Set the VTP domain name to access and the VTP password to lab4 on all three switches. This document is Cisco Public Information. configure VTP. Packet Tracer will initially grade the mode for S3 as incorrect. Configure S1 in server mode. domain name.Administration VLAN 10 . trunking. In this lab.0 /24 172. you will perform basic switch configurations. and PC6 with the IP addresses indicated in the addressing table.31. PC4.31.31. Disable DNS lookup.

configure trunking and the native VLAN for FastEthernet interfaces 0/1-5. Check if the VLANs created on S1 have been distributed to S2 and S3. Inc. Verify that the switches are correctly configured by pinging between them. Configure the management interface address on all three switches. Step 6. Configure all three switches with the IP addresses identified in the addressing table at the beginning of the lab.4. change the VTP mode on S3 to client. Page 3 of 4 . Step 3. This document is Cisco Public Information. verify that all four VLANs have been created on S1. troubleshoot the switch configurations and resolve. Step 5. ping the management interface on S3.2: VTP Configuration Note: The VTP domain name can be learned by a client switch from a server switch. There are four VLANS required in this lab: • • • VLAN 99 management VLAN 10 engineering VLAN 20 sales • VLAN 30 administration Configure these on the VTP server. and Fa0/18 on S2 and S3 so that they allow a maximum of two hosts to connect to these ports and learn the MAC addresses of the hosts dynamically. Configure port security on the S2 and S3 access layer switches. All contents are Copyright © 1992–2007 Cisco Systems. Switches in different VTP domains do not exchange VLAN information. Configure VLANs on the VTP server. S3 is in VTP transparent mode. From S1. ping the management interface on S2 and S3. On all switches. Use the show vlan brief command on S2 and S3 to determine if the VTP server has pushed its VLAN configuration to all the switches. but only if the client switch domain is in the null state. It does not learn a new name if one has been previously set. Step 7. Fa0/11. Are the same VLANs configured on all switches? ___________________ no Why do S2 and S3 have different VLAN configurations at this point? _____________________________ ______________________________________________________________________________ ______________________________________________________________________________ S2 is in VTP client mode and accepts VLAN configurations advertised by a VTP server. Then verify that S3 received VLAN configurations from S1 through VTP. so it forwards VTP advertisements but does not implement the advertised VLANs locally. When you are done. All rights reserved. Were the pings successful? __________________ no If not.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. it is good practice to manually configure the domain name on all switches to ensure that the domain name is configured correctly. Step 4. Assign these addresses to the network management VLAN (VLAN 99). Configure ports Fa0/6. Configure trunking and the native VLAN for the trunking ports on all three switches. Before proceeding. From S2. For that reason.

Step 9. From PC1.4. and PC6. Note that port assignments are not configured through VTP. All rights reserved. Assign switch ports to VLANs. Save the configuration when you are done. Were any of the pings successful? __________________ yes. Refer to the port assignment table at the beginning of the lab to assign ports to VLANs. Which hosts could be reached from PC3? __________________________ PC6 only All contents are Copyright © 1992–2007 Cisco Systems.CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4. Inc. Verify that the trunks are operating correctly. attempt to ping PC4. Remember that both S2 and S3 switches should be similarly configured. the pings to PC4 were successful Why did some of the pings fail? ______________________________________________________________________________ ______________________________________________________________________________ The hosts are in different VLANs.2: VTP Configuration Step 8. PC5. This document is Cisco Public Information. Page 4 of 4 .

4.30.255.22 172.255.21 172.24 172.26 Subnet Mask 255.13 172.17.17.255.0 255.10.17.255.255.25 172.10.23 172.20.255.17. This document is Cisco Public Information.20.0 All contents are Copyright © 1992–2007 Cisco Systems.255.0 255.255.255.17.0 255.255.99.11 172.17.30.255.99.0 255.17.255.255.0 255.99. Page 1 of 2 .PT Activity 4.17.255.255.0 255. All rights reserved.17.3: Troubleshooting the VTP Configuration (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC NIC NIC NIC IP Address 172.0 255.255.255.0 255.255. Inc.12 172.

However. You will have successfully resolved all errors when the same VLANs are configured on all three switches.17. the VTP domain name is Lab3_4.0 /24 172.3: Troubleshooting the VTP Configuration Port Assignments (S2 and S3) Ports Fa0/1 .0/17 Fa0/18 .0/10 Fa0/11 .CCNA Exploration LAN Switching and Wireless: VTP PT Activity 4.Faculty/Staff VLAN 20 .30. and PC6 from PC3.Guest (Default) VLAN 10 . Page 2 of 2 . and the VTP password is cisco.99.20. You should also be able to ping the management interfaces on both S2 and S3 from S1. Task 1: Troubleshoot and Correct VTP and Configuration Errors When all errors are corrected.17.0 /24 172.17. In this activity. but it must be configured correctly.Students Network 172.1q Trunks (Native VLAN 99) VLAN 30 .0/24 Assignment 802. All contents are Copyright © 1992–2007 Cisco Systems. All rights reserved.0 /24 Learning Objectives • • Find and correct all configuration errors Document the corrected network Introduction The VLAN Trunking Protocol (VTP) helps ensure uniform VLAN configurations on your switched network. you should be able to ping PC4 from PC1.4.10. there are a number of errors in this configuration that you must troubleshoot and correct before end-to-end connectivity within the VLAN is restored. This document is Cisco Public Information.0/5 Fa0/6 . PC5 from PC2. Task 2: Document the Switch Configuration When you have completed your troubleshooting. and you can ping between any two hosts in the same VLAN or between any two switches.17.0 /24 172. capture the output of the show run command and save it to a text document for each switch. Inc.

17. All rights reserved.1 172. This document is Cisco Public Information.255.10.25 172.255.10.17.17.255.20.0 255.0 255.255.17.17.255. .255.17.0 255.24 172.0 255.0 Default Gateway 172.22 172.255.255.1 172.17.33 172.99.0 255.99.17.23 172.17.17.20.31 172.1 172.1 172.10.20.255.0 255.99.255.10.21 172.1 172.255.99.99.20.1 172.17.32 172.5.30.0 255.255. Inc.0 255.1 Learning Objectives: • • • Configure and verify basic device configurations Configure and verify port security Configure VTP Page 1 of 4 All contents are Copyright © 1992–2007 Cisco Systems.255.1: Packet Tracer Skills Integration Challenge (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 PC4 PC5 PC6 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC NIC NIC NIC IP Address 172.255.99.255.17.17.255.PT Activity 4.17.1 172.26 Subnet Mask 255.17.30.30.255.255.17.1 172.30.17.17.

Use the addressing table for address configuration. Set the port to shutdown if there is a security violation. NOTE: Only enabling port security is graded by Packet Tracer. Task 2: Configure and Verify Port Security Step 1. Task 1: Configure and Verify Basic Device Configurations Step 1. Configure the first learned MAC address to "stick" to the configuration. port security.1: Packet Tracer Skills Integration Challenge • • • • Configure trunking Configure VLANs Assign VLANs to ports Verify end-to-end connectivity Introduction In this activity. • • • • • • Set the port to access mode. Inc. you will configure switches including basic configuration. Normally you configure port security on all access ports or shutdown the port if it is not in use. Create Simple PDUs to test connectivity between devices on the same subnet: Step 4. Your completion percentage should be 15%. Enable port security.5. • • • • • Hostname on S1 Banner Enable secret password Line configurations Service encryption Step 2. Step 3. and S3. Page 2 of 4 . All rights reserved. Allow only 1 MAC address. all the port security tasks listed above are required to complete this activity. Packet Tracer will only grade the hostname command.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 4. Configure basic commands. Use the following policy to establish port security just on the ports used by the PCs. If not. This document is Cisco Public Information. Verify PCs on the same subnet can ping each other. All contents are Copyright © 1992–2007 Cisco Systems. click Check Results to see which required components are not yet completed. You will use VTP to advertise the VLAN configurations to other switches. However. The PCs are already configured with correct addressing. Force the switches to learn the MAC addresses by sending pings across all three switches. Configure the management VLAN interface on S1. Create and enable interface VLAN 99 on each switch. Configure each switch with the following basic commands. Configure all access links with port security. S2. Check results. trunking and VLANs.

Step 5. click Check Results to see which required components are not yet completed. Task 4: Configure Trunking Step 1. Your completion percentage should be 55%. • • VLAN 10 Faculty/Staff VLAN 20 Students Page 3 of 4 All contents are Copyright © 1992–2007 Cisco Systems. • • • Connect PC2 and PC3 back to the correct port. The ports for PC2 and PC3 should shutdown.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 4. Use cisco as the VTP domain password. This document is Cisco Public Information. . Task 5: Configure VLANs Step 1. Configure S2 and S3 as clients. Configure trunking on S1. Check results. and S3. Step 2. Your completion percentage should be 83%. If not. • • • Connect PC2 to PC3's port and connect PC3 to PC2's port. Configure the VTP domain name on all three switches. Verify PC2 and PC3 can now send pings across S2. Verify ports are "err-disabled" and that a security violation has been logged. Reconnect PCs to correct port and clear port security violations. Your completion percentage should be 70%. Use CCNA as the VTP domain name. Create the VLANs on S1. Configure S1 as the server. Configure VTP domain password on all three switches. Configure the VTP mode on all three switches. Send pings between PCs on the same subnet. click Check Results to see which required components are not yet completed.5. Check results. All rights reserved. click Check Results to see which required components are not yet completed. Step 3. Configure the appropriate interfaces in trunking mode and assign VLAN 99 as the native VLAN. Create and name the following VLANs on S1 only. Step 4. Inc. Test port security. Step 4. Step 3. If not. VTP will advertise the new VLANs to S1 and S2.1: Packet Tracer Skills Integration Challenge Step 2. Clear the port security violation. Check results. S2. Task 3: Configure VTP Step 1. Step 2. If not.

Verify VLAN implementation. Step 3. Task 6: Assign VLANs to ports Step 1. Verify VLANs have been sent to S2 and S3. Verify PC2 and PC5 can ping each other. Task 7: Verify End-to-End Connectivity Step 1. Assign VLANs to access ports on S2 and S3. Your completion percentage should be 90%. Check results. This document is Cisco Public Information. Page 4 of 4 . Use the appropriate command to verify your VLAN implementation. Assign the PC access ports to VLANs: • • • VLAN 10: PC1 and PC4 VLAN 20: PC2 and PC5 VLAN 30: PC3 and PC6 Step 2. Inc. click Check Results to see which required components are not yet completed. It may take a few minutes for Packet Tracer to simulate the VTP advertisements. Verify PC3 and PC6 can ping each other. Use appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. Step 4. Verify PC1 and PC4 can ping each other. All contents are Copyright © 1992–2007 Cisco Systems. Step 3. Check results.5. Step 3. click Check Results to see which required components are not yet completed.1: Packet Tracer Skills Integration Challenge • • VLAN 30 Guest(Default) VLAN 99 Management&Native Step 2. If not.CCNA Exploration LAN Switching and Wireless: VLANs PT Activity 4. If not. Step 2. Your completion percentage should be 100%. All rights reserved. PCs on different VLANs should not be able to ping each other.

Click Capture/Forward to examine the ARP process as the switched network learns the All contents are Copyright © 1992–2007 Cisco Systems.” Cisco switches can be plugged in and connected to a network without any additional action by the network administrator. Task 2: Examine the ARP Process Step 1. Distribution layer switches have one forwarding uplink (green) to a core layer switch and a blocking uplink (amber) to another core layer switch. Switch to Simulation mode. Page 1 of 3 . Ping from PC1 to PC6. Switches have been added to the network “out of the box. Use the Add Simple PDU tool to create a PDU from PC1 to PC6. This document is Cisco Public Information.3: Examining a Redundant Design (Instructor Version) Topology Diagram Learning Objectives • • • Check for STP convergence Examine the ARP process Test redundancy in a switched network Introduction In this activity. All rights reserved.PT Activity 5. Be sure ICMP is selected in the Event List Filters. Inc. Access layer switches have one forwarding uplink (green) to a distribution layer switch and a blocking uplink (amber) to a second distribution layer switch. Therefore these switches will act according to default settings. Task 1: Check for STP Convergence When STP is fully converged. Step 2.1. you will examine how STP operates by default. the following conditions exist: • • • All PCs have green link lights on the switched ports.

However.1. the ARP request from PC1 travels from S1 to D2 to C1 to D1 and then back to S1. Notice that the ARP reply from PC6 travels back along one path. Notice that all possible loops are stopped by blocking ports. Delete the link between S1 and D2. no loop occurs. It takes some time for STP to converge and establish a new. It will take some time for STP to converge and establish a new. Record the new loop-free path. the switches know which port to forward this unicast frame. All rights reserved. Task 3: Test Redundancy in a Switched Network Step 1.3: Examining a Redundant Design MAC addresses of PC1 and PC6. What part of the path changed from the last set of pings? ________________________________________________________________________________ ________________________________________________________________________________ The switches used at the access layer changed. Examine the ARP process again. Why? ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ All switches in the network learned the location of PC1 from the ARP request. when PC6 replies to PC1. switch to Simulation mode and ping between PC1 and PC6 again. Switch to Realtime mode. Page 2 of 3 . However. Delete link between C1 and D3. Ping between PC1 and PC6. Therefore. the switches at the distribution layer remained the same. After the link between S1 and D1 is active (indicated by a green light). This document is Cisco Public Information.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. Which link is now the active link to C2? All contents are Copyright © 1992–2007 Cisco Systems. loop-free path. Record the loop-free path between PC1 and PC6. Step 2. For example. Examine the ARP process again by pinging between two different PCs. because STP is blocking the link between S1 and D1. Delete the link between C1 and D3. Switch to Realtime mode. Notice that the links between D3 and D4 to C2 are amber. Inc. loop-free path. Delete the link between S1 and D2. watch for the amber light on the link between S1 and D1 to change to green. You can switch between Simulation mode and Realtime mode to accelerate the process. Because only S1 is affected. Watch the amber links on D3 and D4. ________________________________________________________________________________ ________________________________________________________________________________ PC1 <-> S1 <-> D2 <-> C1 <-> D3 <-> S6 <-> PC6 Step 3. All traffic is currently traveling from D2 <-> C1 <-> D3. ________________________________________________________________________________ ________________________________________________________________________________ PC1 <-> S1 <-> D1 <-> C1 <-> D3 <-> S6 <-> PC6 Step 3.

Switch to Simulation mode and ping between PC1 and PC6. Switch to Realtime mode. Step 8. Delete C1. Once converged. ________________________________________________________________________________ ________________________________________________________________________________ PC1 <-> S1 <-> D1 <-> C1 <-> D4 <-> S6 <-> PC6 Step 5. and S6 to D3 transition to forwarding (green). loop-free path. Ping between PC1 and PC6. Ping between PC1 and PC6. Record the new loop-free path. Step 6. S5. It takes some time for STP to converge and establish a new. Watch for the links between D1 and D2 to C2 to transition to forwarding (green). S5.3: Examining a Redundant Design ________________________________________________________________________________ ________________________________________________________________________________ The link between D3 and C2 is now the active link. All three switches should now be forwarding to D3. Switch to Simulation mode and ping between PC1 and PC6. Ping between PC1 and PC6.1. which added an additional hop in the path between PC1 and PC6. Notice that S4. both switches should now be forwarding to C2. Step 7. This document is Cisco Public Information. Record the new loop-free path. Switch to Simulation mode and ping between PC1 and PC6. loop-free path. Record the new loop-free path. Delete D4. It takes some time for STP to converge and establish a new. Inc. Delete C1.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. ________________________________________________________________________________ ________________________________________________________________________________ PC1 <-> S1 <-> D1 <-> C2 <-> D3 <-> S6 <-> PC6 All contents are Copyright © 1992–2007 Cisco Systems. Step 4. All rights reserved. Delete D4. ________________________________________________________________________________ ________________________________________________________________________________ PC1 <-> S1 <-> D1 <-> C1 <-> C2 <-> D3 <-> S6 <-> PC6 What is unique about the new path that you have not seen before? ________________________________________________________________________________ ________________________________________________________________________________ ________________________________________________________________________________ Pings are traveling between the two core layer switches. Watch for the links between S4. Page 3 of 3 . Switch to Realtime mode. Notice that D1 and D2 are both forwarding traffic to C1. and S6 are all forwarding traffic to D4.

2. Distribution layer switches have one forwarding uplink (green) to a core layer switch and a blocking uplink (amber) to another core layer switch. MAC addresses. Inc. You will manipulate the root bridge election so that the core switches are chosen before the distribution or access layer switches. Without looking at BPDU detail. Access layer switches have one forwarding uplink (green) to a distribution layer switch and a blocking uplink (amber) to a core layer switch.PT Activity 5. All rights reserved. or the show spanning-tree command. Step 2. Switch to Simulation mode. Determine the root bridge.5: Configuring STP (Instructor Version) Topology Diagram Learning Objectives • • • • Examine the STP default state Configure the root bridge Configure the backup root bridge Finalize STP configuration Introduction In this activity. the following conditions exist: • • • All PCs have green link lights on the switched ports. Examine link lights. can you tell which switch is the root bridge? All contents are Copyright © 1992–2007 Cisco Systems. Task 1: Examine the STP Default State Step 1. Click Capture/Forward. the switches are “out of the box” without any configuration. Page 1 of 3 . This document is Cisco Public Information. When STP is fully converged. Step 3.

C2 is truly on standby and will not be used to forward traffic unless C1 fails. All rights reserved. Step 5. click Check Results to see which required components are not yet completed. Page 2 of 3 . Step 4. Switch between Realtime mode and Simulation mode several times until all ports on C2 are green.2. Step 2. C1 should be initiating the propagation of BPDUs. The other core switch serves as a backup root bridge. Initiation of BPDUs should start at the core layer. Switch to Realtime mode and configure C2 with a priority of 8192. Switch between Realtime and Simulation modes. All contents are Copyright © 1992–2007 Cisco Systems.5: Configuring STP ____________________________________________________________________________________ ____________________________________________________________________________________ Yes. S6 is the root bridge because it is initiating the propagation of BPDUs. The only switch that accepts traffic from C2 is C1. Task 2: Configure the Root Bridge Step 1. The fastest switches are the core switches. What is unique about the C2 links to the distribution layer switches that you do not see with C1 links? ____________________________________________________________________________________ ____________________________________________________________________________________ All the distribution switches are attached to C2. Switch between Realtime and Simulation modes. and the other should be the backup root. Click Capture/Forward several times to watch configuration BPDUs. Make sure C1 is the root bridge. Switch to Simulation mode. Configure the root bridge. This document is Cisco Public Information. If not. Step 3. Configure the backup root bridge. Your completion percentage should be 17%. Check results. Inc. Examine links attached to C2. One of the core switches should be root. Switch between Realtime mode and Simulation mode several times until all ports on C1 are green. Can you think of a reason why this switch is not a good choice as root? ____________________________________________________________________________________ ____________________________________________________________________________________ Access layer switches are usually not the fastest switches in a layered switched network. Task 3: Configure the Backup Root Bridge Step 1. Step 2.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. Switch to Realtime mode and configure C1 with a priority of 4096. Step 3. but the links are in the blocking state.

click Check Results to see which required components are not yet completed. However. because there are fewer distribution switches. Configure D1. If not. D3. Your completion percentage should be 33%. All contents are Copyright © 1992–2007 Cisco Systems. it is more efficient to configure these switches with a slightly higher priority than the backup root switch. Inc. You could ensure this by configuring all access layer switches with a priority higher than the default.2. Task 4: Finalize STP Configuration Best practice is to never have an access layer switch become root. This document is Cisco Public Information. Check results. D2.5: Configuring STP Step 4. Configure distribution switches. and D4 with a priority of 12288. All rights reserved. Check results. If not.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. Step 1. Your completion percentage should be 100%. Step 2. click Check Results to see which required components are not yet completed. Page 3 of 3 .

255.12 172.0/10 Fa0/11 .255.255.30.17.17.30.0 255. All rights reserved.255.99.17.17.255.0 /24 172.Students Network 172.20.17.0/17 Fa0/18 .0 Default Gateway N/A N/A N/A 172.0 255.12 Port Assignments – S2 Ports Fa0/1 .17.0 /24 172.255.17.13 172.17.21 172.17.1q Trunks (Native VLAN 99) VLAN 30 – Guest(Default) VLAN 10 – Faculty/Staff VLAN 20 .255.0 255.17.0/5 Fa0/6 .22 172.0 255.255.10.2: Challenge Spanning Tree Protocol (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC IP Address 172.20.99. Page 1 of 11 .99.255.0 /24 172.12 172.10.17.255.17.0/24 Assignment 802.0 /24 All contents are Copyright © 1992–2007 Cisco Systems.20.10.12 172.17.23 Subnet Mask 255.255.255.0 255.30. Inc.5. This document is Cisco Public Information.PT Activity 5.99.11 172.

configure VLANs. and PC3 with the IP address. and gateway indicated in the addressing table. and S3 switches according to the following guidelines and save all your configurations: Configure the switch hostname as indicated on the topology. you will perform basic switch configurations. End with CNTL/Z. Configure a password of cisco for vty connections.2: Challenge Spanning Tree Protocol Learning Objectives • • • • • Perform basic switch configurations Configure the Ethernet interfaces on the host PCs Configure VLANs Configure spanning tree Optimizing STP Introduction In this activity.. [OK] Task 2: Configure the Ethernet Interfaces on the Host PCs Configure the Ethernet interfaces of PC1. PC2. configure addressing on PCs. S2.. Task 1: Perform Basic Switch Configurations Configure the S1. Page 2 of 11 .CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. Inc. one per line.5. All contents are Copyright © 1992–2007 Cisco Systems. Configure a password of cisco for console connections. Switch>enable Switch#configure terminal Enter configuration commands. Configure an EXEC mode password of class. Switch(config)#hostname S1 S1(config)#enable secret class S1(config)#no ip domain-lookup S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#line vty 0 15 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#end %SYS-5-CONFIG_I: Configured from console by console S1#copy running-config startup-config Destination filename [startup-config]? Building configuration. subnet mask. examine the Spanning Tree Protocol and learn how to optimize it. This document is Cisco Public Information. All rights reserved. • • • • Disable DNS lookup.

CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. These three ports will be configured for access mode and enabled with the no shutdown command.5.2: Challenge Spanning Tree Protocol Task 3: Configure VLANs Step 1. This document is Cisco Public Information. S2(config)#interface fa0/6 S2(config-if)#switchport mode access S2(config-if)#no shutdown S2(config-if)#interface fa0/11 S2(config-if)#switchport mode access S2(config-if)#no shutdown S2(config-if)#interface fa0/18 S2(config-if)#switchport mode access S2(config-if)#no shutdown Step 2. S1(config)#vtp domain Lab5 Changing VTP domain name from NULL to Lab5 S1(config)#vtp password cisco Setting device VLAN database password to cisco S1(config)#end S2(config)#vtp mode client Setting device to VTP CLIENT mode S2(config)#vtp domain Lab5 Changing VTP domain name from NULL to Lab5 S2(config)#vtp password cisco Setting device VLAN database password to cisco S2(config)#end S3(config)#vtp mode client Setting device to VTP CLIENT mode S3(config)#vtp domain Lab5 Changing VTP domain name from NULL to Lab5 S3(config)#vtp password cisco Setting device VLAN database password to cisco S3(config)#end All contents are Copyright © 1992–2007 Cisco Systems. The default operating mode is server. All rights reserved. Refer to the topology diagram to determine which switch ports on S2 are activated for end-user device access. Enable the user ports on S2 in access mode. Configure VTP. Page 3 of 11 . Remember that VTP domain names and passwords are case-sensitive. Configure VTP on the three switches using the following table. Switch Name S1 S2 S3 VTP Operating Mode Server Client Client VTP Domain Lab5 Lab5 Lab5 VTP Password cisco cisco cisco S1(config)#vtp mode server Device mode already VTP SERVER. Inc.

CCNA Exploration LAN Switching and Wireless: STP

PT Activity 5.5.2: Challenge Spanning Tree Protocol

Step 3. Configure Trunk Links and Native VLAN. Configure trunking ports and native VLAN. For each switch, configure ports Fa0/1 through Fa0/5 as trunking ports. Designate VLAN 99 as the native VLAN for these trunks. When this activity was started, these ports were disabled and must be re-enabled now using the no shutdown command. Only the commands for the FastEthernet0/1 interface on each switch are shown, but the commands should be applied up to the FastEthernet0/5 interface. S1(config)#interface fa0/1 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#no shutdown S1(config)#end S2(config)#interface fa0/1 S2(config-if)#switchport mode trunk S2(config-if)#switchport trunk native vlan 99 S2(config-if)#no shutdown S2(config-if)#end S3(config)#interface fa0/1 S3(config-if#switchport mode trunk S3(config-if)#switchport trunk native vlan 99 S3(config-if)#no shutdown S3(config-if-#end Step 4. Configure the VTP server with VLANs. VTP allows you to configure VLANs on the VTP server and have those VLANs populated to the VTP clients in the domain. This ensures consistency in the VLAN configuration across the network. Configure the following VLANS on the VTP server: VLAN VLAN 99 VLAN 10 VLAN 20 VLAN 30 S1(config)#vlan 99 S1(config-vlan)#name S1(config)#vlan 10 S1(config-vlan)#name S1(config)#vlan 20 S1(config-vlan)#name S1(config)#vlan 30 S1(config-vlan)#name S1(config-vlan)#end Step 5. Verify the VLANs. Use the show vlan brief command on S2 and S3 to verify that all four VLANs have been distributed to the client switches. S2#show vlan brief
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 4 of 11

VLAN Name management faculty-staff students guest

management faculty-staff students guest

CCNA Exploration LAN Switching and Wireless: STP

PT Activity 5.5.2: Challenge Spanning Tree Protocol

VLAN Name Status Ports ---- -------------------------------- --------- ----------------------------1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5 Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/11, Fa0/12,Fa0/13 Fa0/14, Fa0/15, Fa0/16,Fa0/17 Fa0/18, Fa0/19, Fa0/20,Fa0/21 Fa0/22, Fa0/23, Fa0/24, Gi0/1 Gi0/2 10 faculty/staff active 20 students active 30 guest active 99 management active S3#show vlan brief VLAN Name Status Ports ---- -------------------------------- --------- ----------------------------1 default active Fa0/1, Fa0/2, Fa0/4, Fa0/5 Fa0/6, Fa0/7, Fa0/8, Fa0/9 Fa0/10, Fa0/11, Fa0/12,Fa0/13 Fa0/14, Fa0/15, Fa0/16,Fa0/17 Fa0/18, Fa0/19, Fa0/20,Fa0/21 Fa0/22, Fa0/23, Fa0/24, Gi0/1 Gi0/2 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Step 6. Configure the management interface address on all three switches. S1(config)#interface vlan99 S1(config-if)#ip address 172.17.99.11 255.255.255.0 S2(config)#interface vlan99 S2(config-if)#ip address 172.17.99.12 255.255.255.0 S3(config)#interface vlan99 S3(config-if)#ip address 172.17.99.13 255.255.255.0 Verify that the switches are correctly configured by pinging between them. From S1, ping the management interface on S2 and S3. From S2, ping the management interface on S3. Were the pings successful? If not, troubleshoot the switch configurations and try again. Step 7. Assign switch ports to the VLANs. Port assignments are listed in the table at the beginning of the activity. However, since Packet Tracer 4.11 does not support the interface range command, only assign the first port from each range. S2(config)#interface fa0/6 S2(config-if)#switchport access vlan 30 S2(config-if)#interface fa0/11 S2(config-if)#switchport access vlan 10 S2(config-if)#interface fa0/18 S2(config-if)#switchport access vlan 20 S2(config-if)#end S2#copy running-config startup-config
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 5 of 11

CCNA Exploration LAN Switching and Wireless: STP

PT Activity 5.5.2: Challenge Spanning Tree Protocol

Destination filename [startup-config]? [enter] Building configuration... [OK] S2#

Task 4: Configure Spanning Tree
Step 1. Examine the default configuration of 802.1D Spanning Tree Protocol (STP). On each switch, display the spanning tree table with the show spanning-tree command. The output is shown for S1 only. Root selection varies depending on the default BID of each switch. In this activity S3 is currently the root. S1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0030.F20D.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0050.0F68.146E Aging Time 300 Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Root Altn Desg Desg Sts --FWD BLK FWD FWD Cost --------19 19 19 19 Prio.Nbr -------128.3 128.3 128.3 128.3 Type -------------------------------Shr Shr Shr Shr

VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address 0030.F20D.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32778 (priority 32768 sys-id-ext 10) Address 0050.0F68.146E Aging Time 300 Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Root Altn Desg Desg Sts --FWD BLK FWD FWD Cost --------19 19 19 19 Prio.Nbr -------128.3 128.3 128.3 128.3 Type -------------------------------Shr Shr Shr Shr

VLAN0020 Spanning tree enabled protocol ieee Root ID Priority 32788 Address 0030.F20D.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32788 (priority 32768 sys-id-ext 20) Address 0050.0F68.146E Aging Time 300
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 6 of 11

Examine the VLAN 99 spanning tree for all three switches: S1#show spanning-tree vlan 99 VLAN0099 Spanning tree enabled protocol ieee Root ID Priority 32867 Address 0030.3 128. All rights reserved.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32798 (priority 32768 sys-id-ext 30) Address 0050.0F68.F20D.3 128.3 128.Nbr -------128.2: Challenge Spanning Tree Protocol Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Root Altn Desg Desg Sts --FWD BLK FWD FWD Cost --------19 19 19 19 Prio.F20D.3 128.146E Aging Time 300 Interface Role Sts Cost Prio.Nbr -------128.3 Type -------------------------------Shr Shr Shr Shr VLAN0099 Spanning tree enabled protocol ieee Root ID Priority 32867 Address 0030.3 128.Nbr Type Page 7 of 11 All contents are Copyright © 1992–2007 Cisco Systems.F20D.3 128.146E Aging Time 300 Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Root Altn Desg Desg Sts --FWD BLK FWD FWD Cost --------19 19 19 19 Prio.0F68.0F68. .5.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32867 (priority 32768 sys-id-ext 99) Address 0050.3 Type -------------------------------Shr Shr Shr Shr Note that there are five instances of STP on each switch.3 128.146E Aging Time 300 Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Root Altn Desg Desg Sts --FWD BLK FWD FWD Cost --------19 19 19 19 Prio.Nbr -------128.3 128. This document is Cisco Public Information.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5.3 128.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32867 (priority 32966 sys-id-ext 99) Address 0050. Inc.3 Type -------------------------------Shr Shr Shr Shr VLAN0030 Spanning tree enabled protocol ieee Root ID Priority 32798 Address 0030.

3 128.3 128. What is the priority for switches S1. Page 8 of 11 .3 -------------------------------Shr Shr Shr Shr S2#show spanning-tree vlan 99 VLAN0099 Spanning tree enabled protocol ieee Root ID Priority 32867 Address 0030.Nbr -------128. S2=32867.2: Challenge Spanning Tree Protocol ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 ---Root Altn Desg Desg --FWD BLK FWD FWD --------19 19 19 19 -------128. S2. Examine the output.3 128.D6B1 Aging Time 300 Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Desg Desg Desg Desg Sts --FWD FWD FWD FWD Cost --------19 19 19 19 Prio. 30.5. S3=32867 What is the priority for S1 on VLANs 10. All rights reserved. Answer the following questions based on the output.7258 Aging Time 300 Interface ---------------Fa0/1 Fa0/2 Fa0/3 Fa0/4 Role ---Root Altn Altn Altn Sts --FWD BLK BLK BLK Cost --------19 19 19 19 Prio. Inc.F20D.3 128.3 128. VLAN30 = 32867.D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32867 (priority 32966 sys-id-ext 99) Address 00E0.F20D.3 Type -------------------------------Shr Shr Shr Shr S3#show spanning-tree vlan 99 VLAN0099 Spanning tree enabled protocol ieee Root ID Priority 32867 Address 0030.3 Type -------------------------------Shr Shr Shr Shr Step 2.3 128.3 128.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5.3 128. VLAN20 = 32867. and S3 on VLAN 99? ______________________________________________________________________________ S1=32867. and 99? ______________________________________________________________________________ VLAN10 = 32867.F7AE.3 128. VLAN99 = 32867 Which ports are blocking VLAN 99 on the root switch? ______________________________________________________________________________ All contents are Copyright © 1992–2007 Cisco Systems. This document is Cisco Public Information.Nbr -------128.D6B1 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32867 (priority 32966 sys-id-ext 99) Address 0030.F20D. 20.

the same root is elected for every spanning tree. Therefore. S3#show spanning-tree vlan 99 VLAN0099 Spanning tree enabled protocol ieee Root ID Priority 4195 Address 0050. it is necessary to force another switch to become the root switch for VLAN 99 to impose some load-sharing on the trunks. While this prevents loops. what else does the switch use to determine the root? ______________________________________________________________________________ Switch MAC address Task 5: Optimizing STP Because there is a separate instance of the spanning tree for every active VLAN.0F68. Some reasons to control the selection of the root switch include: • • • The root switch is responsible for generating BPDUs in STP 802. The lower number indicates a higher priority for root selection. and three ports are blocking on the other non-root switch How does STP select the root? ______________________________________________________________________________ Lowest bridge ID Since the bridge priorities are all the same. If the default switch priorities are used in root selection. This is demonstrated below. a separate root election is conducted for each instance. Random placement is likely to lead to suboptimal paths. Inc. but using default settings. S1(config)#spanning-tree vlan 99 priority 4096 S1(config)#exit Give the switches a little time to recalculate the spanning tree and then check the tree for VLAN 99 on switch S3 (the original VLAN 99 root) and switch S1 (the non-root switch selected to become the new VLAN 99 root). as you have observed. one port is blocking on one non-root switch.5. The placement of the root defines the active switched paths in the network.F20D. In the example output below. Consider the topology used in this activity. is 32768 plus the VLAN ID. Ideally the root is in the distribution layer. This could lead to an inferior design. All rights reserved. Selection of the root switch is accomplished by changing the spanning-tree priority for the VLAN. Page 9 of 11 . Because the root can be defined on the basis of the VLAN. Of the six trunks configured.2: Challenge Spanning Tree Protocol none Which ports are blocking VLAN 99 on the non-root switches? ______________________________________________________________________________ varies. it has been determined that the root selection using default values has led to underutilization of the available switch trunks. it is a waste of resources.146E Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32867 (priority 32966 sys-id-ext 99) Address 0030.1D and is the focal point for spanning tree control traffic. the default root switch for all VLANs is S3. as we have seen. The default priority. you can have some ports blocking for one VLAN and forwarding for another.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. only two are carrying traffic. In this example. This document is Cisco Public Information.D6B1 All contents are Copyright © 1992–2007 Cisco Systems. The root switch must be capable of handling this additional load. Set the priority for VLAN 99 on S3 to 4096.

D6B1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32778 (priority 32788 sys-id-ext 10) Address 0050. Inc.146E Aging Time 300 Interface ---------------Fa0/4 Fa0/3 Fa0/2 Fa0/1 Role ---Desg Desg Desg Desg Sts --FWD FWD FWD FWD Cost --------19 19 19 19 Prio.Nbr -------128.2: Challenge Spanning Tree Protocol Aging Time 300 Interface ---------------Fa0/4 Fa0/1 Fa0/2 Fa0/3 Role ---Desg Root Altn Desg Sts --FWD FWD BLK FWD Cost --------19 19 19 19 Prio.146E This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 4195 (priority 4294 sys-id-ext 99) Address 0050. S1#show spanning-tree vlan 10 VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address 0030.0F68. This document is Cisco Public Information.3 Type -------------------------------Shr Shr Shr Shr S1#show spanning-tree vlan 99 VLAN0099 Spanning tree enabled protocol ieee Root ID Priority 4195 Address 0050. .Nbr -------128.3 Type -------------------------------Shr Shr Page 10 of 11 All contents are Copyright © 1992–2007 Cisco Systems.146E Aging Time 300 Interface ---------------Fa0/4 Fa0/3 Role ---Desg Desg Sts --FWD FWD Cost --------19 19 Prio.5.3 128.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5.3 128.Nbr -------128. All rights reserved.0F68.3 128.3 128.3 128.3 128.0F68.3 128.3 Type -------------------------------Shr Shr Shr Shr Which switch is the root for VLAN 99? ______________________________________________________________________________ S1 (may vary) Which ports are blocking VLAN 99 traffic on the new root? ______________________________________________________________________________ None Which ports are now blocking VLAN 99 traffic on the old root? ______________________________________________________________________________ fa0/2 (may vary) Compare the S1 VLAN 99 spanning tree above with the S1 VLAN 10 spanning tree.F20D.

This document is Cisco Public Information. However. without having to leaves trunks totally unused. By configuring groups of VLANs to use different trunks as their primary forwarding path. the original spanning tree topology. Page 11 of 11 . is still in place for the four other active VLANs.2: Challenge Spanning Tree Protocol Fa0/2 Fa0/1 Altn BLK 19 Root FWD 19 128.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5.5. with one of four S1 ports in blocking mode.3 Shr Shr Note that S1 can now use all four ports for VLAN 99 traffic as long as they are not blocked at the other end of the trunk. we retain the redundancy of failover trunks. All contents are Copyright © 1992–2007 Cisco Systems. Inc. All rights reserved.3 128.

17.0 255.0/17 Fa0/18 .11 172. All rights reserved. This document is Cisco Public Information.21 172.17.20.255.17.12 172.0 255.17.17.0 /24 172.17. Page 1 of 2 .10.3: Troubleshooting Spanning Tree Protocol (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 Interface VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC IP Address 172.17.1q Trunks (Native VLAN 99) VLAN 30 – Guests(Default) VLAN 10 – Faculty/Staff VLAN 20 .255.255.99.0 /24 172.255.23 Subnet Mask 255.PT Activity 5.1 Port Assignments – S2 Ports Fa0/1 .255.30.0 255.99.17.17.0/5 Fa0/6 .99.0 /24 172.22 172.255.20.1 172.0/10 Fa0/11 .255.30.99.17.255.17.10.255. Inc.255.255.10.17.0/24 Assignment 802.0 255.0 255.1 172.255.0 /24 All contents are Copyright © 1992–2007 Cisco Systems.Students Network 172.30.17.5.20.0 Default Gateway N/A N/A N/A 172.13 172.

Assume that the three user LANs (10. capture the output of the show run command and save it to a text file for each switch. 20. All rights reserved. You recognize that of the six trunks configured. display the spanning tree table with the show spanning-tree command. and your analysis points to congested trunks. Page 2 of 2 . Aim for a solution that will have a different set of ports forwarding for each of the three user VLANs. and all three switches are participating in per-VLAN load balancing for the three user VLANs. One of the most direct is the following: S1(config)#spanning-tree vlan 10 priority 4096 S1(config)#spanning-tree vlan 20 priority 16384 S2(config)#spanning-tree vlan 20 priority 4096 S2(config)#spanning-tree vlan 30 priority 16384 S3(config)#spanning-tree vlan 30 priority 4096 S3(config)#spanning-tree vlan 10 priority 16384 All contents are Copyright © 1992–2007 Cisco Systems. Task 2: Correct the Source of the Problem Modify the spanning tree configuration so that all three trunks are in use. Solution There are a number of different ways that load balancing can be accomplished. you must meet the following guidelines: • • • S1 is root for VLAN 10 (priority 4096) and backup root for VLAN 20 (priority 16384) S2 is root for VLAN 20 (priority 4096) and backup root for VLAN 30 (priority 16384) S3 is root for VLAN 30 (priority 4096) and backup root for VLAN 10 (priority 16384) Task 3: Document the Switch Configuration When you have completed your solution. This activity is complete when all wired trunks are carrying traffic. and identify which trunks are not being used in the default configuration.5. You and your users have been observing increased latency during peak usage times. This document is Cisco Public Information. The solution to this problem requires more effective use of the available trunks. Task 1: Identify the Initial State of All Trunks On each of the switches.3: Troubleshooting Spanning Tree Protocol Learning Objectives • • • Identify the initial state of all trunks Correct the source of the problem Document the switch configuration Scenario You are responsible for the operation of the redundant switched LAN shown in the topology diagram. only two are forwarding packets in the default STP configuration currently running. You can use your network topology drawing to document the initial state of all trunk ports. Inc. Note which ports are forwarding on each switch. In order for the activity to be correctly graded. and 30) carry an equal amount of traffic.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5.

1.1.130 10.1.225 10.228 10.255.1.255.PT Activity 5. All rights reserved.1: Packet Tracer Skills Integration Challenge (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 PC1 PC2 PC3 Interface VLAN 5 VLAN 5 VLAN 5 NIC NIC NIC IP Address 10.129 10.1. Inc.240 255.255.1.1.1.226 10.255. Page 1 of 4 .6.224 Default Gateway 10.192 255.255.1.225 10.1.1.128 255.255.255.1.1.1.227 10.255.255.2 10.1.1. This document is Cisco Public Information.193 All contents are Copyright © 1992–2007 Cisco Systems.1.240 255.1.1.1.255.255.1 10.1.1.1.240 255.255.1.194 Subnet Mask 255.225 10.

Your completion percentage should be 18%. and STP. All rights reserved.6. Create and enable interface VLAN 5 on each switch. you will configure a redundant network with VTP. Therefore. Configure basic commands. Page 2 of 4 . S2. Packet Tracer only grades the hostnames and default gateways. The VLANs in this activity are different than what you have seen in previous chapters. This document is Cisco Public Information. In addition. click Check Results to see which required components are not yet completed. Use your addressing scheme for the address configuration. It can be any number you choose. Inc. Step 3. we use VLAN 5 in this activity. and S3. It is important for you to know that the management and default VLAN does not have to be 99.1: Packet Tracer Skills Integration Challenge Learning Objectives • • • • • • • • Design and document an addressing scheme Configure and verify basic device configurations Configure VTP Configure trunking Configure VLANs Assign VLANs to ports Configure STP Configure host PCs Introduction In this activity. All contents are Copyright © 1992–2007 Cisco Systems. Task 1: Design and Document an Addressing Scheme Your addressing scheme needs to satisfy the following requirements: • • • • Production VLAN needs 100 host addresses Staff VLAN needs 50 host addresses Guest VLAN needs 20 host addresses Management&Native VLAN needs 10 host address Task 2: Configure and Verify Basic Device Configurations Step 1. Check results. • • • • • • Hostnames Banner Enable secret password Line configurations Service encryption Default gateways Step 2. you will design an addressing scheme based on user requirements. Configure the management VLAN interface on S1. Configure each switch with the following basic commands. VLANs.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. If not.

All rights reserved.6. click Check Results to see which required components are not yet completed. Step 2. If not. VTP will advertise the new VLANs to S1 and S2. Configure the VTP domain password on all three switches. Inc. click Check Results to see which required components are not yet completed. Your completion percentage should be 66%. Check results. Check results. Use westbranch as the VTP domain password. Your completion percentage should be 30%. Use XYZCORP as the VTP domain name. Step 3. Use appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. Step 4. S2. and S3. Verify that VLANs have been sent to S2 and S3. Create the VLANs on S1. If not. Task 4: Configure Trunking Step 1. . Configure S2 and S3 as clients. Configure the appropriate interfaces in trunking mode and assign VLAN 5 as the native VLAN. Check results. Your completion percentage should be 72%. This document is Cisco Public Information. If not. Assign the PC access ports to VLANs: • VLAN 15: PC1 connected to Fa0/11 Page 3 of 4 All contents are Copyright © 1992–2007 Cisco Systems. Configure the VTP mode on all three switches. • • • • VLAN 15 Production VLAN 25 Staff VLAN 35 Guest(Default) VLAN 5 Management&Native Step 2. It may take a few minutes for Packet Tracer to simulate the VTP advertisements. Task 5: Configure VLANs Step 1. Configure the VTP domain name on all three switches. Configure trunking on S1. Step 2.1: Packet Tracer Skills Integration Challenge Task 3: Configure VTP Step 1. click Check Results to see which required components are not yet completed. Assign VLANs to access ports on S2. Task 6: Assign VLANs to Ports Step 1.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5. Configure S1 as the server. Step 3. Create and name the following VLANs on S1 only.

Step 3. All rights reserved. Use appropriate command to verify your VLAN implementation. click Check Results to see which required components are not yet completed. This document is Cisco Public Information. If not. click Check Results to see which required components are not yet completed. Verify that S1 is the root bridge. Task 7: Configure STP Step 1. Set the priority level on S1 so that it is always the root bridge for all VLANs. Page 4 of 4 . Verify VLAN implementation. Inc. Ensure that S1 is the root bridge. All contents are Copyright © 1992–2007 Cisco Systems. Your completion percentage should be 87%. If not. Step 2. Configure the host PCs. Check results. Use your addressing scheme to configure the PCs Fast Ethernet interface and default gateway. click Check Results to see which required components are not yet completed. Check results.1: Packet Tracer Skills Integration Challenge • • VLAN 25: PC2 connected to Fa0/18 VLAN 35: PC3 connected to Fa0/6 Step 2. If not. Step 2. Task 8: Configure Host PCs Step 1. Check results.CCNA Exploration LAN Switching and Wireless: STP PT Activity 5.6. Your completion percentage should be 81%. Your completion percentage should be 100%. Step 3.

17. you will configure traditional inter-VLAN routing simply by configuring two Fast Ethernet interfaces on a router.10 172.17.2.10.0 255. This document is Cisco Public Information. and the privileged EXEC password is class. Inc. The user EXEC password is cisco.PT Activity 6. In traditional inter-VLAN routing. All contents are Copyright © 1992–2007 Cisco Systems.4: Configuring Traditional Inter-VLAN Routing (Instructor Version) Topology Diagram Addressing Table Device R1 PC1 PC3 Interface Fa0/0 Fa0/1 NIC NIC IP Address 172.1 Learning Objectives • • • • Test connectivity without inter-VLAN routing Add VLANs to a switch Configure IP addressing on a router Test connectivity with inter-VLAN routing Introduction In this activity.17.0 255.17.1 172.2.10.255.255.10.0 255. You will complete the configuration by adding VLANs to S1 and assigning VLANs to the correct ports. Then you will configure R1 with IP addressing.30.255.255. All rights reserved.255.255.1 172. there are no additional.255. VLAN-related configurations needed on R1.17.1 172.30.30. R1 has two connections to S1—one for each of the two VLANs.10 Subnet Mask 255. S1 and R1 already have basic configurations.17.0 Default Gateway N/A N/A 172. Page 1 of 3 .255.

Page 2 of 3 . Assign the switch ports as follows: • • Assign the Fa0/5 and Fa0/6 interfaces to VLAN 30. Fa0/8 Fa0/9. Notice how the ping cannot even cross the switch. Fa0/2. Fa0/15. Fa0/16 Fa0/17. Fa0/18. Inc. ping between PC1 and PC3. Fa0/7. Assign the Fa0/8 and Fa0/11 interfaces to VLAN 10. so the ping fails. The link lights on the switch connecting to PC1 and PC3 change from amber to green. Fa0/14. they cannot communicate with one another. issue the show vlan brief command from the privileged EXEC prompt.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. and PC3 belongs to VLAN 30. Step 2. Create two VLANs on S1. Fa0/6. Fa0/3. issue the vlan 10 and vlan 30 commands in global configuration mode. Assign the VLANs to ports.-----------------------------. Fa0/12 Fa0/13.--------. Each port on the switch is assigned to a VLAN to allow for inter-VLAN communication. Fa0/11. one for PC1 and one for PC3. Because the two PCs are on separate networks and the router is not configured.2. S2#show vlan brief VLAN Name Status Ports ---. Ping between PC1 and PC3.------------------------------1 default active Fa0/1. Your completion percentage should be 0%. When the link lights are green. Create VLANs on S1. Fa0/20 Fa0/21. Gig1/2 10 VLAN0010 active 30 VLAN0030 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Step 2. Fa0/19. This document is Cisco Public Information. PC1 belongs to VLAN 10. Fa0/10. S2#configure terminal S2(config)#vlan 10 S2(config-vlan)#vlan 30 To check whether the VLANs were created. • • • Switch to simulation mode by clicking the Simulation tab or pressing Shift+S. All contents are Copyright © 1992–2007 Cisco Systems.4: Configuring Traditional Inter-VLAN Routing Task 1: Test Connectivity without Inter-VLAN Routing Step 1. Fa0/24 Gig1/1. Click Capture/Forward to see the steps the ping takes between PC1 and PC3. Switch to simulation mode to monitor pings.2. Fa0/23. All rights reserved. To create the VLANs. Fa0/4 Fa0/5. Fa0/22. Task 2: Add VLANs Step 1. Wait for switch convergence.

0.17. The switchport mode access command sets the port to access mode.255.1 and subnet mask 255. Switch to simulation mode to monitor pings. Issue the no shutdown command on both interfaces to bring them up. The switchport access vlan 10 assigns VLAN 10 to that port. S2(config)#interface fa0/8 S2(config-if)#switchport mode access S2(config-if)#switchport access vlan 10 Repeat the above steps for Fa0/5. the command is interface fa0/8. Watch as the ping goes from PC1 through S1.17. Step 4.17. All rights reserved.30.255.1 and subnet mask 255. Test connectivity between PC1 and PC3. Ping between PC1 and PC3.0. then to R1. assigning the correct VLANs to each interface.1 255. click Check Results to see which required components are not yet completed.4: Configuring Traditional Inter-VLAN Routing To assign a VLAN to a port.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. If not. then back to S1. The ping should succeed. If not. Page 3 of 3 .255.255.2.255. Click Capture/Forward to see the steps the ping takes between PC1 and PC3. Now issue a ping between PC1 and PC3. Fa0/6. The ping should still fail. Then ping from PC1 to PC3.2. Inc.1 255. Step 2.0 R1(config-if)#no shutdown Step 2. Your completion percentage should be 45%. Your completion percentage should be 100%. Wait for STP to converge. Check results.0 R1(config-if)#no shutdown R1(config-if)#interface fa0/1 R1(config-if)#ip address 172.10.255. Step 3. R1(config)#interface fa0/0 R1(config-if)#ip address 172. Configure the Fa0/0 interface of R1 with the IP address 172. and finally to the PC3. • • • Switch to simulation mode by clicking the Simulation tab or pressing Shift+S. Check results. Configure the Fa0/1 interface with the IP address 172.255. and Fa0/11. enter the interface configuration. This document is Cisco Public Information. All contents are Copyright © 1992–2007 Cisco Systems. Configure IP addressing on R1. Task 4: Test Connectivity Again Step 1.255.10. For Fa0/8.17.30. click Check Results to see which required components are not yet completed. Task 3: Configure IP Addressing Step 1.

17.10 Subnet Mask 255. All rights reserved.2.0 255.10.1 172.17. The user EXEC password is cisco.10 Fa0/1.255.255.10.255.0 Default Gateway N/A N/A 172.PT Activity 6.17. This document is Cisco Public Information.30.255.30.255. Inc. you will configure Router-on-a-Stick inter-VLAN routing.17.17.255.255. and the privileged EXEC password is class.5: Configuring Router-on-a-Stick Inter-VLAN Routing (Instructor Version) Topology Diagram Addressing Table Device R1 PC1 PC3 Interface Fa0/1.2.255.30.1 172. R1 has one connection to S1.1 172. S1 and R1 already have basic configurations.1 Learning Objectives • • • • Test connectivity without inter-VLAN routing Add VLANs to a switch Configure IP addressing on a router Test connectivity with inter-VLAN routing Introduction In this activity.10.0 255.0 255. Page 1 of 4 .30 NIC NIC IP Address 172. You will complete the configuration by adding VLANs to S1 and assigning VLANs to All contents are Copyright © 1992–2007 Cisco Systems.10 172.17.

PC1 belongs to VLAN 10. Because the two PCs are on separate networks and inter-VLAN routing is not configured. Fa0/22. • • • Switch to simulation mode by selecting the Simulation tab or pressing Shift+S. Task 2: Add VLANs Step 1.5: Configuring Router-on-a-Stick Inter-VLAN Routing the correct ports. Notice how the ping cannot even cross the switch. Click Capture/Forward to see the steps the ping takes between PC1 and PC3. Fa0/10. Fa0/19. S1#configure terminal S1(config)#vlan 10 S1(config-vlan)#vlan 30 To check whether the VLANs were created. Fa0/4 Fa0/5. Fa0/11. Fa0/12 Fa0/13. Your completion percentage should be 0%. issue the vlan 10 and vlan 30 commands in global configuration mode. Fa0/6. they cannot communicate with one another. The Fa0/11 interface belongs to VLAN 10. Fa0/23.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. This document is Cisco Public Information. Ping between PC1 and PC3. so the ping fails. Step 2. Fa0/15. ping between PC1 and PC3. Fa0/8 Fa0/9. Task 1: Test Connectivity without Inter-VLAN Routing Step 1. To create the VLANs. Each port is assigned to a VLAN to allow for inter-VLAN communication. When the link lights are green. Fa0/7. Fa0/16 Fa0/17. and IP addressing. issue the show vlan brief command from the privileged EXEC prompt. All rights reserved.1Q encapsulation.--------. Fa0/18. Fa0/3. Assign the VLANs to ports. Fa0/2. S1#show vlan brief VLAN Name Status Ports ---. Switch to simulation mode to monitor pings. 802.2. Create VLANs on S1. Then you will configure R1 with subinterfaces. Inc. Create VLAN 10 and VLAN 30 on S1. Fa0/20 Fa0/21. and the Fa0/6 interface belongs to VLAN 30. Fa0/24 Gig1/1. Gig1/2 10 VLAN0010 active 30 VLAN0030 active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Step 2. Wait for switch convergence.2.-----------------------------. Page 2 of 4 . The link lights on the switch connecting to PC1 and PC3 change from amber to green. Fa0/14. and PC2 belongs to VLAN 30. All contents are Copyright © 1992–2007 Cisco Systems.------------------------------1 default active Fa0/1.

1Q and assign VLAN 10 to the virtual interface. click Check Results to see which required components are not yet completed. This document is Cisco Public Information.1 255.0 R1(config-subif)#interface fa0/1. Notice that the router prompt changes.0 Step 2.17.5: Configuring Router-on-a-Stick Inter-VLAN Routing To assign a VLAN to a port. Check results. Configure subinterfaces with 802. These subinterfaces are assigned to VLANs. Step 4. Your completion percentage should be 27%. Your completion percentage should be 100%.1 255.10 by issuing the interface fa0/1.10.1 with a subnet mask of 255. enter subinterface configuration mode for Fa0/1. From the Fa0/5 interface. Inc.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. Now issue a ping between PC1 and PC3. but it is necessary in configuring inter-VLAN routing. The switchport access vlan 10 command assigns VLAN 10 to that port. All contents are Copyright © 1992–2007 Cisco Systems.255. Issue the switchport mode access command to set the port to access mode. R1(config)#interface fa0/1. click Check Results to see which required components are not yet completed.10 and Fa0/1. issue the switchport mode trunk command to set the port to trunk. enter interface configuration mode. The ping should still fail. Page 3 of 4 . which allows it to carry information from both VLAN 10 and VLAN 30. S1(config-if)#interface fa0/5 S1(config-if)#switchport mode trunk Step 3.10 R1(config-subif)#encapsulation dot1Q 10 R1(config-subif)#ip address 172.30. If not. Create two subinterfaces on R1: Fa0/1. All rights reserved. For Fa0/1.0.30.10. Test connectivity between PC1 and PC3. it is 172. Task 3: Configure IP addressing Step 1.30 R1(config-subif)#encapsulation dot1Q 30 R1(config-subif)#ip address 172. S1(config)#interface fa0/6 S1(config-if)#switchport mode access S1(config-if)#switchport access vlan 30 The Fa0/5 port on S1 is set to trunk.255.2. Assign the correct IP address to the port. For Fa0/11. Check results.1Q encapsulation.17.10.255. If not. Packet Tracer does not grade this command. Repeat these steps for the Fa0/1. S1(config-if)#interface fa0/11 S1(config-if)#switchport mode access S1(config-if)#switchport access vlan 10 Repeat the steps for the Fa0/6 interface for VLAN 30. To create the first subinterface.10 command. issue the encapsulation dot1Q 10 command to set the encapsulation type to 802.2.255. While in subinterface configuration mode.255.17.255.30 interface using the correct IP address and VLAN ID. the command is interface fa0/11.

All rights reserved. Ping between PC1 and PC3. Page 4 of 4 . The ping should succeed.5: Configuring Router-on-a-Stick Inter-VLAN Routing Task 4: Test Connectivity Again Step 1. This document is Cisco Public Information. Ping from PC1 to PC3.2. Click Capture/Forward to see the steps the ping takes between PC1 and PC3. All contents are Copyright © 1992–2007 Cisco Systems. then to R1.2. and finally to the PC3. Step 2. Switch to simulation mode to monitor pings. Watch how the ping goes from PC1 through S1 first. Inc.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. then back to S1. • • • Switch to simulation mode by selecting the Simulation tab or pressing Shift+S.

10 Subnet Mask 255.255.255.17.10 Fa0/1.30.0 Default Gateway N/A N/A 172.30.255.1 172.255.PT Activity 6.255. you will troubleshoot connectivity problems between PC1 and PC3.1 Learning Objectives • • • Test connectivity between PCs and a router Gather data on the problem Implement the solution and test connectivity Introduction In this activity.17.255.0 255. Page 1 of 3 .3.10.10. All rights reserved.0 255. This document is Cisco Public Information.1 172.0 255.255.30 NIC NIC IP Address 172. The activity is complete when you achieve 100% and the two PCs can ping each other.17. Any solution you implement must conform to the topology diagram. Inc.255.3: Troubleshooting Inter-VLAN Routing (Instructor Version) Topology Diagram Addressing Table Device R1 PC1 PC3 Interface Fa0/1.17.30.10 172.17.1 172. All contents are Copyright © 1992–2007 Cisco Systems.10.17.

Are the configurations on the router correct? Be sure to verify the following: • • • IP addresses Interface status Encapsulation and VLAN assignment Step 4.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. PC1 and/or PC3 Problem: ___________________________________________________________________________ The default gateway address of PC3 is incorrect. Inc. Verify the configuration on R1. Are the following configurations for each PC correct? • • • IP address Subnet mask Default gateway Step 2. Page 2 of 3 . What are the reasons why connectivity failed between the PCs? What are the solutions? There could be more than one problem and more than one solution. All rights reserved. S1 All contents are Copyright © 1992–2007 Cisco Systems. The following tests should be successful at the conclusion of this activity: • • • PC1 can ping R1 PC3 can ping R1 PC1 can ping PC3 Can PC1 ping R1? ___________ Will be no on the first test Can PC3 ping R1? ___________ Will be no on the first test Can PC1 ping PC3? ___________ Will be no on the first test Task 2: Gather Data on the Problem Step 1. Verify the configuration on the PCs. Are the configurations on the switch correct? Be sure to verify the following: • • • Ports assigned to the correct VLANs Ports configured for the correct mode Ports connected to the correct device Step 3. This document is Cisco Public Information.3: Troubleshooting Inter-VLAN Routing Task 1: Test Connectivity between PCs and a Router Use the Add Simple PDU tool to ping between two PCs on the same VLAN.3. Solution: ___________________________________________________________________________ Change the default gateway address to the correct one according to the addressing table. Verify the configuration on S1. Document the problem and suggest solutions. All solutions must conform to the topology diagram.

Step 2. return to Step 1 and continue to implement your suggested solutions. You will not be able to click Check Results and see which required components are not yet completed. Test connectivity between PCs and R1. Note: If you make changes to the switch configuration.3. • • • PC1 should be able to ping R1 PC3 should be able to ping R1 PC1 should be able to ping PC3 Can PC1 ping R1? ___________ Should be yes after solution implementation Can PC3 ping R1? ___________ Should be yes after solution implementation Can PC1 ping PC3? __________ Should be yes after solution implementation If any pings fail. Solution: ___________________________________________________________________________ Enable port Fa0/1. return to Task 2 to continue troubleshooting. This document is Cisco Public Information. This is necessary so that the switch port will proceed to the forwarding state. you should make the changes in Realtime mode rather than Simulation mode. R1 Problem: ___________________________________________________________________________ Port Fa0/1.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6.10 on R1. Step 3. Make changes according to the suggested solutions in Task 2. Solution: ___________________________________________________________________________ Configure the Fa0/5 port on S1 for trunking. All rights reserved. Task 3: Implement the Solution and Test Connectivity Step 1. All contents are Copyright © 1992–2007 Cisco Systems.10 on R1 is administratively shut down.3: Troubleshooting Inter-VLAN Routing Problem: ___________________________________________________________________________ The Fa0/5 port on S1 is configured as an access port. Check completion percentage. If not. Page 3 of 3 . Your completion percentage should be 100%. If you change any IP configurations. Inc. you should create new pings because the prior pings use the old IP address.

1 172.17.10.17.99.99.17.99.255.17.17.255.255.17.0 255.99.17.0 255.1 N/A N/A 172.17.99.17.20.13 Subnet Mask 255.0 255.0 All contents are Copyright © 1992–2007 Cisco Systems.17.23 172.50.1 172.1 172. Inc.17.21 172.12 172.0 255.254 255.0 255. All rights reserved.255.17.255.17.4.30.11 172.1 172.255.50.255.1 Page 1 of 8 See Interface Configuration Table 172.255.255.255.17.30.1 172.99. This document is Cisco Public Information.255.255.255.20.PT Activity 6.255.0 255.17.255.10. .255.22 172.50.1: Basic Inter-VLAN Routing (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 R1 PC1 PC2 PC3 Server Interface VLAN 99 VLAN 99 VLAN 99 Fa0/0 Fa0/1 NIC NIC NIC NIC IP Address 172.1 172.0 Default Gateway 172.

17.10.Students Network 172.30. Switch(config)#hostname S1 S1(config)#enable secret class S1(config)#no ip domain-lookup End with CNTL/Z.1.17.0/17 Fa0/18 .0 /24 172. Configure an EXEC mode password of class. S2. Page 2 of 8 . Disable DNS lookup. one per line. Configure a password of cisco for vty connections. Configure the default gateway on each switch. This document is Cisco Public Information.17.17.17.0 /24 172.17. and S3 switches according to the addressing table and the following guidelines: • • • • • • • Configure the switch hostname. Configure a password of cisco for console connections.0/5 Fa0/6 .1 /24 172.4.1 Fa0/0.0 /24 Subinterface Configuration Table – R1 Interface Fa0/0.20.30 Fa0/0. configure addressing on PCs.17.1 /24 172.99 Assignment VLAN 1 VLAN 10 VLAN 20 VLAN 30 VLAN 99 IP Address 172.30. Switch>enable Switch#config term Enter configuration commands.20.99.17.1: Basic Inter-VLAN Routing Port Assignments – S2 Ports Fa0/1 . All contents are Copyright © 1992–2007 Cisco Systems.1 /24 Learning Objectives • • • • Perform basic switch configurations Configure the Ethernet interfaces on the host PCs Configure VTP on the switches Configure the router and the remote server LAN Introduction In this activity.17. you will perform basic switch configurations.0/10 Fa0/11 .10 Fa0/0.99. configure VTP and inter-VLAN routing.10. Inc.1 /24 172.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6.1 /24 172.0/24 Assignment 802. Configure the default gateway.1q Trunks (Native VLAN 99) VLAN 30 – Guests(Default) VLAN 10 – Faculty/Staff VLAN 20 .20 Fa0/0.0 /24 172. All rights reserved. Task 1: Perform Basic Switch Configurations Configure the S1.

..CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. Configure VTP on the three switches using the following table. Inc.4. Switch Name S1 S2 S3 VTP Operating Mode Server Client Client VTP Domain Lab5 Lab5 Lab5 VTP Password cisco cisco cisco S1(config)#vtp mode server Device mode already VTP SERVER. Task 3: Configure VTP on the Switches Step 1. All rights reserved. This document is Cisco Public Information.1: Basic Inter-VLAN Routing S1(config)#ip default-gateway 172. Configure VTP. S1(config)#vtp domain Lab6 Changing VTP domain name from NULL to Lab6 S1(config)#vtp password cisco Setting device VLAN database password to cisco S1(config)#end S2(config)#vtp mode client Setting device to VTP CLIENT mode S2(config)#vtp domain Lab6 Changing VTP domain name from NULL to Lab6 All contents are Copyright © 1992–2007 Cisco Systems.99. PC2 and PC3 with the IP addresses from the addressing table.1 S1(config)#line console 0 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#line vty 0 15 S1(config-line)#password cisco S1(config-line)#login S1(config-line)#end %SYS-5-CONFIG_I: Configured from console by console S1#copy running-config startup-config Destination filename [startup-config]? [enter] Building configuration. Task 2: Configure the Ethernet Interfaces on the Host PCs Configure the Ethernet interfaces of PC1.17. Page 3 of 8 . Enable the user ports on S2 in access mode. S2(config)#interface fa0/6 S2(config-if)#switchport mode access S2(config-if)#no shutdown S2(config-if)#interface fa0/11 S2(config-if)#switchport mode access S2(config-if)#no shutdown S2(config-if)#interface fa0/18 S2(config-if)#switchport mode access S2(config-if)#no shutdown Step 2. Remember that VTP domain names and passwords are case-sensitive.

Configure the VTP server with VLANs.4. This document is Cisco Public Information. Configure trunking ports and designate the native VLAN for the trunks. All rights reserved. S1(config)#interface fa0/1 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 99 S1(config-if)#no shutdown S1(config)#end S2(config)#interface fa0/1 S2(config-if)#switchport mode trunk S2(config-if)#switchport trunk native vlan 99 S2(config-if)#no shutdown S2(config-if)#end S3(config)#interface fa0/1 S3(config-if#switchport mode trunk S3(config-if)#switchport trunk native vlan 99 S3(config-if)#no shutdown S3(config-if-#end Step 4.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. When this activity was started. these ports were disabled and must be re-enabled now using the no shutdown command. Inc. Only the commands for the FastEthernet0/1 interface on each switch are shown. but the commands should be applied up to the FastEthernet0/5 interface.1: Basic Inter-VLAN Routing S2(config)#vtp password cisco Setting device VLAN database password to cisco S2(config)#end S3(config)#vtp mode client Setting device to VTP CLIENT mode S3(config)#vtp domain Lab6 Changing VTP domain name from NULL to Lab6 S3(config)#vtp password cisco Setting device VLAN database password to cisco S3(config)#end Step 3. and designate VLAN 99 as the native VLAN for these trunks. Configure Fa0/1 through Fa0/5 as trunking ports. Page 4 of 8 VLAN Name management faculty-staff students guest . Configure the following VLANS on the VTP server: VLAN VLAN 99 VLAN 10 VLAN 20 VLAN 30 S1(config)#vlan 99 S1(config-vlan)#name management S1(config)#vlan 10 S1(config-vlan)#name faculty-staff S1(config)#vlan 20 S1(config-vlan)#name students S1(config)#vlan 30 All contents are Copyright © 1992–2007 Cisco Systems.

Step 5. Fa0/4. Inc.--------.13 255. Fa0/16. Fa0/7. This document is Cisco Public Information. Page 5 of 8 .12 255. Fa0/20 Fa0/21. Fa0/14.--------. All rights reserved. Fa0/19.0 S3(config)#interface vlan99 S3(config-if)#ip address 172. Fa0/24 Gig1/1.255. Fa0/8 Fa0/9.255. Verify that the VLANs created on S1 have been distributed to S2 and S3. From S1.0 S2(config)#interface vlan99 S2(config-if)#ip address 172.255.99.11 255. ping the management interface on S2 and S3.Fa0/13 Fa0/14.99.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. Gig1/2 10 faculty-staff active 20 students active 30 guest active 99 management active 1002 fddi-default active 1003 token-ring-default active 1004 fddinet-default active 1005 trnet-default active Step 6. Fa0/24.Fa0/21 Fa0/22. Fa0/23. Fa0/23. Fa0/15.-----------------------------. Fa0/11. Fa0/18.1: Basic Inter-VLAN Routing S1(config-vlan)#name guest S1(config-vlan)#end Verify that the VLANs have been created on S1 with the show vlan brief command. Fa0/12 Fa0/13.----------------------------1 default active Fa0/1.255.---------------------------. Fa0/8. S1(config)#interface vlan99 S1(config-if)#ip address 172.------------------------------1 default active Fa0/5. Fa0/2.17. All contents are Copyright © 1992–2007 Cisco Systems.Fa0/17 Fa0/18. Fa0/5 Fa0/6. ping the management interface on S3. Configure the management interface address on all three switches.17.17. Fa0/6.255. From S2.4. Fa0/15. Fa0/12.255. Fa0/9 Fa0/10. Use the show vlan brief command on S2 and S3 to verify that all four VLANs have been distributed to the client switches. Fa0/11. Fa0/10. Gi0/1 Gi0/2 10 faculty/staff active 20 students active 30 guest active 99 management active S3#show vlan brief VLAN Name Status Ports ---.0 Verify that the switches are correctly configured by pinging between them. Fa0/16 Fa0/17. Fa0/19. S2#show vlan brief VLAN Name Status Ports ---. Fa0/7. Fa0/20.99. Fa0/22.

S2(config)#interface fa0/6 S2(config-if)#switchport access vlan 30 S2(config-if)#interface fa0/11 S2(config-if)#switchport access vlan 10 S2(config-if)#interface fa0/18 S2(config-if)#switchport access vlan 20 S2(config-if)#end S2#copy running-config startup-config Destination filename [startup-config]? [enter] Building configuration. Create a basic configuration on the router. is connected to a LAN switch with multiple connections--a separate connection for each VLAN that requires inter-VLAN connectivity. and inter-VLAN routing is enabled. This document is Cisco Public Information. under-utilization of ports on L3 switches and routers.. There are a couple of options for configuring routing between VLANs.22) Ping from PC2 to PC3 (172. Disable DNS lookup. the routing table has directly connected routes for all VLANs. [OK] S2# Step 8. Port assignments are listed in the table at the beginning of the activity. Each of the switch ports used by the L3 device are configured in a different VLAN on the switch. why do these pings fail? Task 4: Configure the Router and the Remote Server LAN Step 1.23) • Ping from PC3 to PC1 (172.17.17. Assign switch ports to VLANs on S2. only assign the first port from each range. However. Configure an EXEC mode password of class. Configure the trunking interface on R1. and excessive wiring and manual configuration. Open the Command Prompt on the three PCs. exactly like connectivity between any two remote networks. An L3 device. since Packet Tracer 4.20.4. Inc. Step 7. After IP addresses are assigned to the interfaces on the L3 device.17. The first is something of a brute force approach.30.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6.. You have demonstrated that connectivity between VLANs requires routing at the network layer. All contents are Copyright © 1992–2007 Cisco Systems.11 does not support the interface range command.30. troubleshoot the switch configurations and try again. The limitations to this approach are the lack of sufficient Fast Ethernet ports on routers. Page 6 of 8 . • • Ping from PC1 to PC2 (172. Configure a password of cisco for console connections. Check connectivity between VLANs. The topology used in this lab does not use this approach. Configure a password of cisco for vty connections. All rights reserved.21) Are the pings successful? ______________ yes If not.1: Basic Inter-VLAN Routing Were the pings successful? ______________________ yes If not. • • • • • Configure the router with hostname R1. Step 2. either a router or a Layer 3 capable switch.

1. and to configure these connections as dot1q trunks.1 R1(config-subif)#encapsulation dot1q 1 R1(config-subif)#ip address 172. All rights reserved. as has been done here.17. This allows all inter-VLAN traffic to be carried to and from the routing device on a single trunk. The subinterface will then be up by default.99 R1(config-subif)#encapsulation dot1q 99 native R1(config-subif)#ip address 172.1 255.0 R1(config-subif)#interface fastethernet 0/0.255.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)#ip address 172.255.1 255. Step 3. called subinterfaces.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. However.10 R1(config-subif)#encapsulation dot1q 10 R1(config-subif)#ip address 172. Inc.17. Verify that you can route packets to all six by checking the routing table on R1. but it is good practice to assign the number of the VLAN as the interface number.255.0 R1(config-subif)#interface fastethernet 0/0.255.10. because router interfaces are down by default. Page 7 of 8 .30.255. Otherwise.255.0 R1(config-subif)#interface fastethernet 0/0.50.0 R1(config-subif)#interface fastethernet 0/0.17.1 255.20.255. VLAN 1 is native by default.4. Using the subinterface configuration approach requires these steps: • • • Enter subinterface configuration mode Establish trunking encapsulation Associate a VLAN with the subinterface • Assign an IP address from the VLAN to the subinterface The commands are as follows: R1(config)#interface fastethernet 0/0 R1(config-if)#no shutdown R1(config-if)#interface fastethernet 0/0.17.30 R1(config-subif)#encapsulation dot1q 30 R1(config-subif)#ip address 172.255. This can be done by creating virtual interfaces. it requires that the L3 interface be configured with multiple IP addresses. R1#show ip route <output omitted> All contents are Copyright © 1992–2007 Cisco Systems.255.17.1 255.99.0 Note the following points in this configuration: • • • The physical interface is enabled using the no shutdown command.255.1 255.0 R1(config-if)#description server interface R1(config-if)#no shutdown R1(config-if)#end There are now six networks configured. The subinterface can use any number that can be described with 32 bits. This document is Cisco Public Information. and there is no communication between the router and the management VLAN on the switches. on one of the router Fast Ethernet ports and configuring them to be dot1q aware. Configure the server LAN interface on R1.1: Basic Inter-VLAN Routing An alternative approach is to create one or more Fast Ethernet connections between the L3 device (the router) and the distribution layer switch. R1(config)#interface FastEthernet0/1 R1(config-if)#ip address 172.255.255.17. The native VLAN is specified on the L3 device so that it is consistent with the switches.1 255.

0 is directly connected.0/24 is subnetted.0 is directly connected.99 interface configuration. Inc. troubleshoot your configuration.17.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. troubleshoot your configuration and resolve the problem before proceeding. FastEthernet0/0.0 is directly connected. FastEthernet0/0.50.17. Step 4. FastEthernet0/0. Page 8 of 8 . Check to make sure that the default gateways have been set on all PCs and all switches. Why would packets from the router or hosts fail when trying to reach the switch management interfaces if the native VLAN were left in default? All contents are Copyright © 1992–2007 Cisco Systems.1.10 172.17. This document is Cisco Public Information.10. FastEthernet0/0.30.22 and 172.4. Verify Inter-VLAN routing.20.20 172.254) and the other two hosts (172. Task 5: Reflection In Task 4.17.23).17.0 is directly connected.50.30.1 172.17.99 C C C C C C If your routing table does not show all six networks.30 172. All rights reserved.1: Basic Inter-VLAN Routing Gateway of last resort is not set 172.0 is directly connected.17. It may take a couple of pings before the end-to-end path is established.0.0 is directly connected. verify that you can ping the remote server (172. If not. These pings should be successful.17.99.20. From PC1. you configured VLAN 99 as the native VLAN in the router Fa0/0. FastEthernet0/1 172. FastEthernet0/0.17.17. 6 subnets 172.

50.20.255.168.255.1 192.254 255.0 255. .168.0 255.255.1 Subnet Mask 255.255.10.99.255.255.20.0 Default Gateway 192.99.11 192.30.99.0 255.255.255. Inc.13 192.21 192. This document is Cisco Public Information.168.168.255.168.255.22 192.168.1 192.2: Challenge Inter-VLAN Routing (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 R1 PC1 PC2 PC3 Server Interface VLAN 99 VLAN 99 VLAN 99 Fa0/0 Fa0/1 NIC NIC NIC NIC IP Address 192.168.10.23 192.168.255.4.168.50.255.99.0 255.255.255.99.99.168.12 192.0 All contents are Copyright © 1992–2007 Cisco Systems.168.PT Activity 6.168.0 255.168.1 Page 1 of 4 See Interface Configuration Table 192.30.50.255. All rights reserved.168.1 192.255.0 255.168.1 192.1 192.1 N/A N/A 192.

Task 1: Perform Basic Switch Configurations Configure the S1. PC2.1 Fa0/0.30 Fa0/0. Page 2 of 4 .0 /24 Interface Configuration Table – R1 Interface Fa0/0.1 /24 192. trunking.0 /24 192. This document is Cisco Public Information. PC3 and the remote TFTP/Web Server with the IP addresses from the addressing table. and demonstrate inter-VLAN routing. Task 2: Configure the Ethernet Interfaces on the Server and Host PCs Configure the Ethernet interfaces of PC1.1 /24 192.20 Fa0/0.20.168.168.1 /24 192. Connect these devices using the correct cables and interfaces.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. configure VTP.4.0/5 Fa0/6 . Disable DNS lookup. configure subinterfaces.0/10 Fa0/11 . All contents are Copyright © 1992–2007 Cisco Systems. Configure an EXEC mode password of class.20. Configure a password of cisco for console and vty connections.10.0/17 Fa0/18 .0/24 Assignment 802.2: Challenge Inter-VLAN Routing Port Assignments – S2 Ports Fa0/1 . Inc. and S3 switches according to the following guidelines and save all your configurations: • • • • • Configure the switch hostname.168.10 Fa0/0.1.99 Assignment VLAN 1 VLAN 10 VLAN 20 VLAN 30 VLAN 99 IP Address 192. Configure the default gateway on each switch.1q Trunks (Native VLAN 99) VLAN 30 – Sales VLAN 10 – R&D VLAN 20 . All rights reserved.0 /24 192.168.168.10.Engineering Network 192. you will perform basic switch configurations.99.1 /24 Learning Objectives • • • • Perform basic switch configurations Configure the Ethernet interfaces on the server and host PCs Configure VTP on the switches Configure the router Introduction In this activity.168.0 /24 192.168.99.30.168.168.1 /24 192. S2.30.

Page 3 of 4 . Remember that VTP domain names and passwords are case-sensitive. Configure Fa0/1 through Fa0/5 as trunking ports. Assign switch ports to VLANs on S2.21) to PC2 (192. Configure VTP on the three switches.30. ping the Management interface on S3. Step 4.22). Inc. Ping from PC1 (192. Were the pings successful? ______________ yes If not. Ping from PC2 to PC3 (192. Step 6. Check connectivity between VLANs. Open command windows on the three hosts connected to S2. Configure the Management interface address on all three switches. and designate VLAN 99 as the native VLAN for these trunks.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. Configure VLANs on the VTP server.23). From S2.4. troubleshoot the switch configurations and resolve. Step 7. All rights reserved. Step 5. ping the Management interface on S2 and S3.20.168. From S1. Refer to the addressing table and assign IP addressing to the three switches. This document is Cisco Public Information. Use the following table to configure the switches.168. Configure trunking ports and designate the native VLAN for the trunks.10. VLAN VLAN 99 VLAN 10 VLAN 20 VLAN 30 VLAN Name Management R&D Engineering Sales Verify that the VLANs have been created on S1 with the show vlan brief command. Step 3. Are the pings successful? _______________ All contents are Copyright © 1992–2007 Cisco Systems. Use the show vlan brief command on S2 and S3 to verify that the four VLANs have been distributed to the client switches. Verify that the switches are correctly configured by pinging between them. Verify that the VLANs created on S1 have been distributed to S2 and S3.168.2: Challenge Inter-VLAN Routing Task 3: Configure VTP on the Switches Step 1. Configure the following VLANs on the VTP server. Refer to the port assignment table to assign ports to VLANs on S2. Switch Name S1 S2 S3 VTP Operating Mode Server Client Client VTP Domain Lab5 Lab5 Lab5 VTP Password cisco cisco cisco Step 2.

Disable DNS lookup. troubleshoot your configuration and resolve the problem before proceeding. Configure the server LAN interface on R1.22 and 192. but be sure to enable it.30. Verify that you can route packets to all six by checking the routing table on R1. Verify the routing configuration.2: Challenge Inter-VLAN Routing If not. • • • • • Configure the router with hostname R1. This document is Cisco Public Information. Do not assign an IP address to the physical interface. one for each VLAN identified in the Subinterface Configuration Table at the beginning of the activity. Page 4 of 4 . Configure the Fa0/1 interface on R1 with five subinterfaces. Step 2.168. Step 4. Configure a password of cisco for console connections. Step 3. Describe the interface as server interface. Verify inter-VLAN routing From PC1.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6.50. All contents are Copyright © 1992–2007 Cisco Systems. Are the pings successful? ________________ yes If not. troubleshoot your configuration. It may take a couple of pings before the end-to-end path is established. Configure the trunking interface on R1. Refer to the addressing table and configure Fa0/0 with the correct IP address and mask. If any of the hosts have gone into hibernation. Check to make sure the default gateways have been set on all PCs and all switches.20. At this point. verify that you can ping the remote server (192. All rights reserved. Create a basic configuration on the router. Configure an EXEC mode secret of class.23). Configure a password of cisco for vty connections. Step 5. At this point. Specify VLAN 99 as the native VLAN on its subinterface. and use the first address in each VLAN subnet on the router subinterface. Inc.168.4. why do these pings fail? ____________________________________________________________________________________ Task 4: Configure the Router Step 1. Document your subinterfaces and their respective IP addresses in the subinterface table. including the switch management interfaces. you should be able to ping any node on any of the six networks configured on your LAN.254) and the other two hosts (192. there should be six networks configured on R1. If your routing table does not show all six networks.168. the connected interface may go down. Configure these subinterfaces with dot1q encapsulation.

PT Activity 6.20.3: Troubleshooting Inter-VLAN Routing (Instructor Version) Topology Diagram Addressing Table Device S1 S2 S3 R1 PC1 PC2 PC3 Server Interface VLAN 99 VLAN 99 VLAN 99 Fa0/0 Fa0/1 NIC NIC NIC NIC IP Address 192.255.255.30.168.99.168.168.50.21 192.13 192.1 See Interface Configuration Table 192.168.168.255.0 255.255.168.10. This document is Cisco Public Information.0 255.255.50.1 N/A N/A 192.168.1 192.99.255.50.0 255.255.255.0 255.255.0 All contents are Copyright © 1992–2007 Cisco Systems.4.0 Default Gateway 192.168.255.99.168.1 Subnet Mask 255. Inc.168.168.10.254 255.255.1 192.1 192. Page 1 of 3 .20.99.255.22 192.11 192.168.23 192.255.0 255. All rights reserved.99.168.255.168.1 192.99.168.255.0 255.1 192.255.30.12 192.

3: Troubleshooting Inter-VLAN Routing Port Assignments – S2 Ports Fa0/1 .99.CCNA Exploration LAN Switching and Wirelss: Inter-VLAN Routing PT Activity 6.0 /24 192. What routes should be in the R1 routing table? ______________________________________________________________________________ All directly connected networks.4.168.1 Fa0/0.1 /24 192. This document is Cisco Public Information.Engineering Network 192.20.0/10 Fa0/11 .99.10 Fa0/0.0 /24 192.10.1 /24 192.1 /24 192. All contents are Copyright © 1992–2007 Cisco Systems. Page 2 of 3 .168.168.0/24 Assignment 802.1.0 /24 Interface Configuration Table – R1 Interface Fa0/0. the link between S1 and R1 is down. Inc.99 Assignment VLAN 1 VLAN 10 VLAN 20 VLAN 30 VLAN 99 IP Address 192. find and correct all configuration errors.168. Task 1: Troubleshoot and Correct the Inter-VLAN Issues and Configuration Errors Begin by identifying what is working and what is not: What is the state of the interfaces? ______________________________________________________________________________ All trunking ports are up.30.168.20.168.10.168.1q Trunks (Native VLAN 99) VLAN 30 – Sales VLAN 10 – R&D VLAN 20 . and document the corrected network.30 Fa0/0. you will troubleshoot the network.1 /24 192.20 Fa0/0.168.0/5 Fa0/6 . What hosts can ping other hosts? ______________________________________________________________________________ No hosts can ping any other hosts. All rights reserved. Which hosts can ping the server? ______________________________________________________________________________ None.30. and the link between R1 and Server is down.1 /24 Learning Objectives • • Troubleshoot and correct the Inter-VLAN issues and configuration errors Document the network configuration Introduction In this activity.0 /24 192.0/17 Fa0/18 .168.

CCNA Exploration LAN Switching and Wirelss: Inter-VLAN Routing

PT Activity 6.4.3: Troubleshooting Inter-VLAN Routing

When all errors are corrected, you should be able to ping the remote server from any PC or any switch. In addition, you should be able to ping between the three PCs and ping the management interfaces on switches from any PC.

Task 2: Document the Network Configuration
When you have successfully completed your troubleshooting, capture the output of the router and all three switches with the show run command and save it to a text file.

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Page 3 of 3

PT Activity 6.5.1: Packet Tracer Skills Integration Challenge (Instructor Version)
Topology Diagram

Addressing Table
Device Interface Fa0/0 Fa0/1.10 R1 Fa0/1.20 Fa0/1.30 Fa0/1.99 S1 S2 S3 PC1 PC2 PC3 VLAN 99 VLAN 99 VLAN 99 NIC NIC NIC IP Address 172.17.50.1 172.17.10.1 172.17.20.1 172.17.30.1 172.17.99.1 172.17.99.31 172.17.99.32 172.17.99.33 172.17.10.21 172.17.20.22 172.17.30.23 Subnet Mask 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 255.255.255.0 Default Gateway N/A N/A N/A N/A N/A 172.17.99.1 172.17.99.1 172.17.99.1 172.17.10.1 172.17.20.1 172.17.30.1
Page 1 of 4

All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing

PT Activity 6.5.1: Packet Tracer Skills Integration Challenge

Learning Objectives
• • • • • • • • Configure and verify basic device configurations Configure VTP Configure trunking Configure VLANs Assign VLANs to ports Configure STP Configure router-on-a-stick Inter-VLAN routing Verify end-to-end connectivity

Introduction
In this activity, you will demonstrate and reinforce your ability to configure switches and routers for interVLAN communication. Among the skills you will demonstrate are configuring VLANs, VTP, and trunking on switches. You will also administer STP on switches and configure a router-on-a-stick using subinterfaces.

Task 1: Configure and Verify Basic Device Configurations
Step 1: Configure basic commands. Configure the router and each switch with the following basic commands. Packet Tracer grades only the hostnames and default gateways. • • • • • • Hostnames Banner Enable secret password Line configurations Service encryption Switch default gateways

Step 2: Configure the management VLAN interface on S1, S2, and S3. Create and enable interface VLAN 99 on each switch. Use the addressing table for address configuration. Step 3: Check results. Your completion percentage should be 17%. If not, click Check Results to see which required components are not yet completed.

Task 2: Configure VTP
Step 1: Configure the VTP mode on all three switches. Configure S1 as the server. Configure S2 and S3 as clients. Step 2: Configure the VTP domain name on all three switches. Use CCNA as the VTP domain name. Step 3: Configure the VTP domain password on all three switches. Use cisco as the VTP domain password.
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 4

It may take a few minutes for Packet Tracer to simulate the VTP advertisements. Step 3: Check results. Step 2: Check results. Page 3 of 4 . Use the appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. Configure the appropriate interfaces in trunking mode and assign VLAN 99 as the native VLAN. Your completion percentage should be 67%. Task 5: Assign VLANs to Ports Step 1: Assign VLANs to access ports on S2. Your completion percentage should be 28%. VTP advertises the new VLANs to S1 and S2. Create and name the following VLANs on S1 only. • • • • VLAN 10 Faculty/Staff VLAN 20 Students VLAN 30 Guest(Default) VLAN 99 Management&Native Step 2: Verify that VLANs have been sent to S2 and S3. Step 3: Check results. Assign the PC access ports to VLANs: • • • VLAN 10: PC1 connected to Fa0/11 VLAN 20: PC2 connected to Fa0/18 VLAN 30: PC3 connected to Fa0/6 Step 2: Verify the VLAN implementation. Use the appropriate commands to verify your VLAN implementation.1: Packet Tracer Skills Integration Challenge Step 4: Check results. All rights reserved. Your completion percentage should be 62%. If not. Task 4: Configure VLANs Step 1: Create the VLANs on S1. This document is Cisco Public Information. click Check Results to see which required components are not yet completed. If not. If not. click Check Results to see which required components are not yet completed. click Check Results to see which required components are not yet completed.5. click Check Results to see which required components are not yet completed. Task 3: Configure Trunking Step 1: Configure trunking on S1. Inc.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. and S3. S2. All contents are Copyright © 1992–2007 Cisco Systems. Your completion percentage should be 75%. If not.

Step 5: Verify that the switches can ping R1. Step 4: Verify that PC2 and PC3 can ping each other. If not. Task 7: Configure Router-on-a-Stick Inter-VLAN Routing Step 1: Configure the subinterfaces. Configure the Fa0/1 subinterfaces on R1 using the information from the addressing table.CCNA Exploration LAN Switching and Wireless: Inter-VLAN Routing PT Activity 6. If not.5. Your completion percentage should be 82%. Inc. Step 3: Check results. click Check Results to see which required components are not yet completed. click Check Results to see which required components are not yet completed. Step 2: Check results. All rights reserved. Set priorities to 4096. Step 2: Verify that S1 is the root bridge. This document is Cisco Public Information. Page 4 of 4 . Step 2: Verify that PC1 and PC2 can ping each other. Step 3: Verify that PC3 and PC1 can ping each other.1: Packet Tracer Skills Integration Challenge Task 6: Configure STP Step 1: Ensure S1 is the root bridge. All contents are Copyright © 1992–2007 Cisco Systems. Task 8: Verify End-to-End Connectivity Step 1: Verify that PC1 and Web/TFTP Server can ping each other. Your completion percentage should be 100%.

2: Configuring Wireless LAN Access (Instructor Version) Topology Diagram Learning Objectives • • • • • • Add a wireless router to the network Configure options in the Linksys Setup tab Configure options in the Linksys Wireless tab Configure options in the Linksys Administration tab Add wireless connectivity to a PC Test connectivity Introduction In this activity. All contents are Copyright © 1992–2007 Cisco Systems. Page 1 of 4 .PT Activity 7. Add a Linksys WRT300N to the network. Task 1: Add a Wireless Router to the Network Step 1. as shown in the topology diagram. you will configure a Linksys wireless router.3. Add the device between the switch and PC3. Configure the display name. All rights reserved. Inc. Select the Config tab and set the display name to WRS2. Click Wireless Devices in the Device Manager and select Linksys-WRT300N. Click the Linksys router to open the configuration GUI. Step 2. This document is Cisco Public Information. allowing for remote access from PCs as well as wireless connectivity with WEP security.

2: Configuring Wireless LAN Access Step 3.40. Task 2: Configure Options in the Linksys Setup Tab Step 1.3. subnet mask. Step 2. Your completion percentage should be 50%.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. . locate the Internet Connection Type option under Internet Setup. Clients receive an IP address and mask and are given the router IP to use as a gateway. It is located next to Basic Wireless Settings in the main Wireless tab. this Internet IP address is assigned by the ISP through DHCP. Under Network Name (SSID). For the Router IP option. make sure that the DHCP server is enabled. If not. This document is Cisco Public Information. • • Click Wireless Security. In the Setup screen for the Linksys router. and then select the GUI tab. Note: Typically in a home or small business network. rename the network from Default to WRS_LAN. • • In the Setup screen. • • Click on the Linksys router. and default gateway for WRS2.88. Step 3. Your completion percentage should be 19%.25. click Check Results to see which required components are not yet completed.255. connect the Internet interface of the Linksys router to the Fa0/7 interface of the switch. Configure the VLAN 88 IP address. scroll down to Network Setup. Click the Save Settings button at the bottom of the Setup screen.1 and the subnet mask to 255. If not.255. Connect the Internet interface to S1. Set the security mode.255.17.88. Step 2. These addresses are used for wireless clients.17. Set the network name (SSID).0. Click Save Settings. Step 4. Check results. • Set the default gateway to 172. Set the subnet mask to 255. Inc. set the IP address to 172. • • Set the Internet IP address to 172. Change Security Mode from Disabled to WEP. Under the DHCP Server Setting. Note that the IP address range for the DHCP pool adjusts to a range of addresses to match the router IP parameters. All rights reserved. Step 4.255.0. Page 2 of 4 All contents are Copyright © 1992–2007 Cisco Systems. Task 3: Configure Options in the Linksys Wireless Tab Step 1. Click the drop-down menu and select Static IP from the list. • • • Click the Wireless tab. Check results. click Check Results to see which required components are not yet completed. Using a straight-through cable.1. Configure the router IP parameters.17. Set the Internet connection type to static IP. Step 5. Save settings.

Close the web browser on the PC. set Key1 to 0123456789 Click Save Settings. Step 2. Click the Connect tab. If not. Click the power button on the PC to turn it off. By default. click Check Results to see which required components are not yet completed. Step 3. Set the router password. find Linksys-WMP300N and drag and drop it where the Fast Ethernet NIC was located.2: Configuring Wireless LAN Access • • Using the default Encryption of 40/64-Bit. the WRT300N blocks all attempts to access the web interface from the outside world. You will test remote management once PC3 wireless connectivity is established. Your completion percentage should be 69%. Your completion percentage should be 75%. but will not be able to remotely manage it through the Internet interface. All rights reserved. Under Router Access.3. • • • In the configuration GUI for PC3. Re-enter the same password to confirm. Turn the power back on. enable remote management. This document is Cisco Public Information. Install the wireless NIC on PC3. If not. Enable remote management. Click Save Settings. • • Under Modules. Step 3. Note: PC1 and PC2 can ping WRS2. click Check Results to see which required components are not yet completed. . Inc. Page 3 of 4 All contents are Copyright © 1992–2007 Cisco Systems. Remove the Fast Ethernet NIC on PC3. You should see that the PC has not associated with an access point.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. Task 5: Add Wireless Connectivity to a PC Step 1. Check results. Configure PC3 with a WEP key. Check results. Packet Tracer does not support disabling this security feature. The NIC is located at the bottom of the machine. • • Under Remote Access. In the Physical Device View is an image of the PC. Step 2. A Linksys screen is displayed. • • • Click PC3 and then click the Physical tab. change the router password to cisco123. Remove the Fast Ethernet NIC by dragging it to the bottom right corner of the window. click the Desktop tab. Step 3. • • Click the Administration tab. Currently. Click PC Wireless to begin setting up the WEP key for PC3. Task 4: Configure Options in the Linksys Administration Tab Step 1.

2: Configuring Wireless LAN Access • • • • • The WRS_LAN should appear in the list of available wireless networks. This document is Cisco Public Information. Your completion percentage should be 100%. Make sure it is selected and click Connect. Step 4. and then click the Connectivity Tests tab to check. Check results. Go to the Link Information tab. The Signal Strength and Link Quality indicators should show that you have a strong signal. Page 4 of 4 .CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. You see the IP address the PC received from the DHCP pool. All rights reserved. type the WEP. If not. click Check Results to see which required components are not yet completed. Click the More Information button to see details of the connection. Task 6: Test Connectivity All the PCs should have connectivity with one another.3. Click Check Results. and click Connect. If the completion percentage is at 100% but the connectivity tests are unsuccessful. Close the PC Wireless configuration window. Inc. Under WEP Key 1. ciscoccna1. All contents are Copyright © 1992–2007 Cisco Systems. try turning PC3 off and then on again.

10. This document is Cisco Public Information.1 172.99.99.255.0 255.0 255. Inc.255.1.10.0 Default Gateway N/A N/A N/A N/A N/A 172.255.255.1 Page 1 of 7 WRS3 PC1 PC2 All contents are Copyright © 1992–2007 Cisco Systems.255.255.30.17.17.1 172.0 255.255.17.0 255.17.99.20.1 N/A 172.20.1 172.99 Lo0 WRS2 WAN LAN/Wireless WAN LAN/Wireless NIC NIC IP Address 172.17.35 172.40.252 255.0 255.17.255.255. .255.255.255.17.17.2: Challenge Wireless WRT300N (Instructor Version) Topology Diagram Addressing Table Device Interface Fa0/1 Fa0/0.255.1 172.17.1 172.1.1 10.0 255.17.99.255.0 255.0 255.255.255.10.17.255.20 Fa0/0.255.17.PT Activity 7.20.1 172.255.22 Subnet Mask 255.255.255.10 R1 Fa0/0.50.17.1 N/A 172.25 172.255. All rights reserved.5.21 172.17.0 255.99.1 172.

17. This document is Cisco Public Information. Configure R1 according to the following guidelines: • • • • • Router hostname Disable DNS lookup Configure EXEC mode password of class Configure a password of cisco for console connections Configure a password of cisco for vty connections Step 2. which may then have to reconnect after making changes to the configuration. Perform basic router configurations. encapsulation must be set to 802. Verify the interfaces are up and their IP Addresses are correect with the show ip interfaces brief command.99. port security on a Cisco switch.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. 0/1. Configure Loopback0.0 /24 172. Page 2 of 7 .17.2: Challenge Wireless WRT300N VLAN Table VLAN ID VLAN 10 VLAN 20 VLAN 99 VLAN Name Faculty/Staff Students Wireless(Guest) Network 172. and static routes on multiple devices. FastEthernet 0/0. and any subinterfaces listed in the addressing table. you will configure a Linksys WRT300N. The VLAN ID is identified by the subinterface number. All rights reserved. Task 1: Perform Basic Router Configurations Step 1. All contents are Copyright © 1992–2007 Cisco Systems.5.20.1Q.17. Make note of the procedures involved in connecting to a wireless network because some changes involve disconnecting clients. Before configuring the IP addresses on the the subinterfaces.0 /24 172.0 /24 Learning Objectives • • • • • • • • • • • • Perform basic router configurations Perform switch configurations Connect to the Linksys WRT300N router Access the WRT300N Configure IP settings for the Linksys WRT300N Configure DHCP settings Basic wireless settings Enable wireless security Managing and securing the web utility of the router Configure WRS2 Creating and verifying full connectivity Configuring port security Introduction In this activity.10. Configure router interfaces. Inc.

From here select the Connect tab and connect to the Default network. Verify connectivity settings.1Q trunk Fa0/11 on S2 is in VLAN 10 Fa0/18 on S2 is in VLAN 20 Remaining connected ports are trunk interfaces Allow all VLANS across trunking interfaces Step 4. Step 5. Configure switch port interfaces on S1. For all switches set the VTP mode to transparent and create the VLANs according to the table at the beginning of this activity. While still at the desktop of the PC. troubleshoot. close the Linksys GUI window and then verify the connectivity settings by accessing the Command Prompt and typing the ipconfig command. Configure the Ethernet interfaces of PC1 and PC2. Step 3. Configure the interfaces on the S1. S2. Inc. if not. All rights reserved. Configure all three switches according to the following: • • • • • Configure hostnames Disable DNS lookup Configure EXEC mode password of class Configure a password of cisco for console connections Configure a password of cisco for vty connections Step 2. and S3 switches according to the following: • • • • • • Fa0/7 on S2 and S3 are in VLAN 99 Fa0/5 on S1 is an 802.5. The pings should be successful.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. Verify VLANs and trunking. Connect to a wireless router. Use the show interfaces trunk command on S1 and the show vlan brief command on S2 to verify that the switches are trunking correctly and the proper VLANs exist. Test the PC configuration. Page 3 of 7 . Set VTP mode and create VLANs. This document is Cisco Public Information. Task 3: Connect to the Linksys WRT300N Router Step 1. Verify the creation of the VLANs with the show vlan brief command. and S3. Access the Command Prompt on each PC and ping its default gateway.2: Challenge Wireless WRT300N Task 2: Perform Switch Configurations Step 1. Perform basic switch configurations. PC>ipconfig All contents are Copyright © 1992–2007 Cisco Systems. S2. Configure the Ethernet interfaces of PC1 and PC2 with the IP addresses and default gateways according to the addressing table at the beginning of the activity. Step 6. From PC6 access the Desktop then PC Wireless. Step 2.

0 Set the default gateway to the Fa0/1 VLAN 99 IP address of R1....... configured under Network Setup.. Click Continue. One of the interfaces.......17. Since the default gateway has changed.17. Step 1.. Click Save Settings...1 All contents are Copyright © 1992–2007 Cisco Systems..30.........5...CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7...99. PC6 will not be able to access the web utility until its IP address and gateway are updated.. Select Static IP.1 /24 Step 4.1...35 Set the subnet mask to 255.... You should be at the Setup page of the Linksys router... the default gateway of the PC.255..: 192. Enter authentication information....255. You will be prompted for a username and password.....255.. Enter the URL 192...30. Access WRS3 through the web browser........ Note: In Packet Tracer.. Set the Internet connection type to static IP.2: Challenge Wireless WRT300N IP Address..0 Default Gateway. Task 5: Configure IP Settings for the Linksys WRT300N The best way to understand the following settings is to think of the WRT300N as being similar to a Cisco IOS-based router with two separate interfaces..... PC6 and PC3. access the Command Prompt. Inc. Close the Web Browser and return to the Desktop of PC6....1 PC> Task 4: Access the WRT300N Step 1.255..: 172... acts as the interface connecting to the wireless clients. Step 5.1 Step 3.. acts as the connection to the switches and the interior of the network.: 172.101 Subnet Mask. PC>ipconfig /renew IP Address.17. Set the IP address settings for Internet Setup......168. Type the ipconfig /renew command to update PC6's IP address and default gateway... Again.. the one configured under Internet Setup.: 255. The other interface..0 Default Gateway.1. You are prompted with a "Settings are successful" window.168... Once you have entered the login information..... On PC6.255. Step 2. • • • Set the Internet IP address to 172..... Under Internet Setup is the Internet Connection Type option. close the command prompt and then click the Web Browser.. you should be viewing the default page of the Linksys WRT300N web utility. Step 2. Page 4 of 7 ....1.. Save the settings.30..: 192... All rights reserved...1.99.... there must be a space between ipconfig and /renew..101 Subnet Mask.17. The default username and password are both admin... 172.. Configure the Network Setup IP address to 172.. This document is Cisco Public Information.255.17..... Renew IP configuration on PC6....: 255..168..

Configure the SSID.. Page 5 of 7 . Step 2. Save settings.5.17.255.0 PC> Task 6: Configure DHCP Settings Now access the wireless router through the web browser again..2: Challenge Wireless WRT300N DNS Server.17..25-49...0... A network is only as secure as its weakest point.0.... Step 4............0 172.: Default Gateway..30.. If the IP Address is not 172...: PC> Note: Packet Tracer may need help in updating the IP configuration... try the ipconfig /renew command. select WEP.. All rights reserved.26 255.. Your settings should match those above........ you have the new DHCP settings that you configured in Task 6..: 0.0 Task 8: Enable Wireless Security Step 1...1 URL... Reconnect to the router setup page (http://172...1).. On the Desktop return to PC Wireless and select the Connect Tab.....0. Step 4.. Only 25 clients at a time are able to get an IP address. 172..30.17. Step 3.1 0.. set the start address to 25 and the maximum number of users to 25. Inc..... Step 2. Now that you have reconnected to the network.... Access the Wireless page and change the Network Name SSID from Default to WRS3. and a wireless router is a very convenient place to start All contents are Copyright © 1992–2007 Cisco Systems.. Reconnect to the wireless network...17... Click Save Settings in order for the changes to take place.: Subnet Mask.... return to the Desktop and select IP Configuration..... Enter a WEP key..30.255...17.30..17. PC6 is currently unable to access the WRS3 network. Under Security Mode.. Since the SSID has changed.. This document is Cisco Public Information. PC>ipconfig IP Address.. Task 7: Basic Wireless Settings Step 1.. Under DHCP Server Settings.26 or the default gateway is wrong.. From here switch to Static and back to DHCP.. If that does not work... Verify the settings..30. These settings give any PC that connects to this router wirelessly requesting an IP address through DHCP.. Connect to the WRS3 network. Verify this at the command prompt with the ipconfig command. an address between 172..CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7..: DNS Server....... Step 3.30. Navigate to the Wireless page and then select the Wireless Security tab..... but this time at the 172.0....

Step 2. All rights reserved. • • • • Assign a Static IP to the Internet interface.. Page 6 of 7 . Task 9: Managing and Securing the Web Utility of the Router Step 1. Change the router password to cisco.40. there are tools that can crack WEP key encryption.22.. Access WRS2 through the default gateway.. Step 2.1..2. Renew IP Configuration for PC3. You will become disconnected from the network again after saving your settings.: 172. Notice how HTTP Web Utility Access is already selected by default. Verify the new addressing with the ipconfig command. Task 10: Configure WRS2 Step 1. • • • • • Return to the Desktop and click PC Wireless.168. See Task 3 if you need help. This document is Cisco Public Information. Unfortunately.. Inc. for up to 25 users.17. select WRS3 and connect.. Configure PC6 to use WEP authentication. Connect to WRS2 from PC3....5. you are adding a level of security.17.40. From the list of available wireless networks.2: Challenge Wireless WRT300N if someone wants to damage your network... A screen will be brought up asking for the WEP. Step 3.23 All contents are Copyright © 1992–2007 Cisco Systems. Return to the web utility page of the router (http://172.. By requiring a WEP key to connect to the router. Connect to the Web Utility through the Web Browser. The ipconfig /renew command does not properly renew the IP address from the new DHCP range. Complete Inernet and Network Setup.. type the WEP. Leave it that way. Click Link Information to verify connectivity to the access point.. 192. Save your settings. Go to IP Configuration on the Desktop and switch to Static then back to DHCP. 1234567890. Click on the Connect tab. For DHCP Server settings. Step 6.17. PC>ipconfig IP Address. Save settings..... Configure the Router IP with the LAN addressing from the table at the beginning of the activity. Use the addressing from the table at the beginning of the activity. Under WEP Key 1.. Step 5.30. Save settings. begin assigning IP Addresses at 172. Configure web access password. Step 4..CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7.1) and navigate to the Administration section. A more robust form of wireless security is WPA and WPA-2. Add the WEP key 1234567890.. which are currently not supported by Packet Tracer.

.255. Configure web access password to cisco... All rights reserved. This document is Cisco Public Information. Step 6.0 and 172.17. These routes will allow R1 to ping the inside Wireless/LAN IP address on the wireless routers.... Change SSID to WRS2. Step 3... Inc.. PC3 and PC6 will not be able to ping one another.255.40.. ! ip route 172.99.. Give R1 static routes to the 172. See Task 8 for help.0 172. Enable port security and enable dynamic sticky MAC addresses.17.1 PC> Step 5. Step 2.0 255.17...17.0 255.. Verify that R1 has routes to PC3 and PC6 with the show ip route command and R1 can ping the inside Wireless/LAN IP address of each wireless router.255..35 ip route 172.: 172. Task 12: Configuring Port Security Step 1... Be sure to click Save Settings.17.25 ! Step 2.40.0 172. Page 7 of 7 ...255.. Configure PC1 and PC2 port security...0 Default Gateway.. Configure WEP on WRS2 from Web Utility. Task 11: Creating and Verifying Full Connectivity Step 1. Verify connectivity.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7.. See Task 7.. Return to the Web Utility and change the SSID to WRS2 under the Wireless page.30.0 networks.. All contents are Copyright © 1992–2007 Cisco Systems.... Step 7.99.5.30..2: Challenge Wireless WRT300N Subnet Mask.40... See Task 9 for help. Due to a PT bug... Generate traffic across the ports by pinging PC2 from PC1. Step 3 for help. Reconnect PC3 to WRS2.. Verify port security.255. Set the WEP Key to 1234567890 and configure PC3 to use the WEP.255..: 255.17.17.

0 255.0 255.0 Default Gateway N/A N/A N/A N/A N/A 192.0 255.18 Lo0 WRS2 WAN LAN/Wireless WAN LAN/Wireless NIC NIC IP Address 5.255.1 192.168.252 255.168.255.0 255.3: Troubleshooting Wireless WRT300N (Instructor Version) Topology Diagram Addressing Table Device Interface Fa0/0.11.255.255.10 Subnet Mask 255.5. All rights reserved.1.168.18.10.255.168.0 255.1 10.5 Fa0/0.0 255.255.10 R1 Fa0/0.255.11.10.11.1 N/A 192.10.1 N/A 11.10 18.255.0 255.11.5.2 192.255.5.255.255.1 11.255.10.168. This document is Cisco Public Information. Page 1 of 2 .1 WRS3 PC1 PC4 Addressing Table continued on next page All contents are Copyright © 1992–2007 Cisco Systems.11.18.1 192.11 Fa0/0.18.168.10.168.1 11.255.255.1 18.3 192.0 255.255.18.255.255.0 255.30.20.PT Activity 7.255.18.1.255.11.18.255.255.255. Inc.10 192.1 18.

a basic network and wireless network have been configured improperly.255. Packet Tracer does not allow for PC2 and PC3 to ping one another. Inc. DHCP must assign PC2 and PC3 their proper IP addresses. This document is Cisco Public Information. All rights reserved. Task 2: Verify Connectivity Due to a bug. continue troubleshooting. You must find and correct the misconfigurations based on the minimum network specifications provided by your company. The wireless routing requirements are as follows: • • • • • Connections via the IP addresses shown in the topology diagram.5. 30 clients can get an IP address through DHCP at a single time. Note: Packet Tracer will not grade the allowed VLANs for trunking mode.5.3 255.1) must be successful. however connectivity should exist in all other circumstances.30.CCNA Exploration Basic Wireless Concepts and Configuration PT Activity 7. Ping requests coming from outside WAN ports of the Linksys routers to their inside LAN/wireless IP addresses (192.5. determine any errors in the network.255. All contents are Copyright © 1992–2007 Cisco Systems. If they do not. Wireless clients must be authenticated using WEP with a key of 5655545251.1 5.0 N/A N/A N/A Learning Objectives • • Troubleshoot the network Verify connectivity Scenario In this activity.2 5.255.255.0 255.255. All the PCs should be able to ping one another and R1.2: Challenge Wireless WRT300N Addressing Table continued S1 S2 S3 VLAN 5 VLAN 5 VLAN 5 5.5. Task 1: Troubleshoot the Network Examine the routers and switches.5.0 255. Page 2 of 2 .168.5.5.255.

17.6.25 172.1 172.255.0 255.20 Fa0/1.88.255.17.0 255.1 172.1 N/A 172.255.255.17. This document is Cisco Public Information.255.255.1 172.88 Fa0/1.17.255.88.0 255.17.17.10. Inc. All rights reserved.0 255.0 255.1 172.17.255.17.255.17.0 255.17.1 Addressing Table continued on the next page WRS3 All contents are Copyright © 1992–2007 Cisco Systems.255.0 255.99.1 172.255.255.255.10 R1 Fa0/1. Page 1 of 5 .PT Activity 7.30.50.35 Subnet Mask 255.0 255.1 172.88.40.88.255.1 N/A 172.99 WRS2 Internet LAN Internet LAN IP Address 172.0 Default Gateway N/A N/A N/A N/A N/A 172.255.88.255.17.1: Packet Tracer Skills Integration Challenge (Instructor Version) Topology Diagram Addressing Table Device Interface Fa0/0 Fa0/1.255.255.20.

17.0 255.1 172.99.17.1 172.255. Use the addressing table for address configuration.22 255.1 172.20. Configure the management VLAN interface on S1.1 172.255.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7.99. click Check Results to see which required components are not yet completed.10.99. Task 1: Configure and Verify Basic Device Configurations Step 1.255. Configure each switch with the following basic commands. Packet Tracer only grades the hostnames and default gateways.17.1 Learning Objectives • • • • • • • • • Configure and verify basic device configurations Configure VTP Configure trunking Configure VLANs Assign VLAN to ports Configure STP Configure router-on-a-stick inter-VLAN routing Configure wireless connectivity Verify end-to-end connectivity Introduction In this final Packet Tracer Skills Integration Challenge activity for the Exploration: LAN Switching and Wireless course. and S3.0 255.99. Page 2 of 5 . you will apply all the skills you have learned including configuring VLANs and VTP. If not. Your completion percentage should be 13%.17.17. Task 2: Configure VTP All contents are Copyright © 1992–2007 Cisco Systems.99. enabling inter-VLAN routing and integrating wireless connectivity.31 172.0 255.10. • • • • • • Hostnames Banner Enable secret password Line configurations Service encryption Switch default gateways Step 2. Step 3.0 172.1: Skills Integration Challenge Addressing Table continued S1 S2 S3 PC1 PC2 VLAN 99 VLAN 99 VLAN 99 NIC NIC 172.32 172.255. Create and enable interface VLAN 99 on each switch. Configure basic commands. This document is Cisco Public Information. All rights reserved.17.99.255.21 172.17.17. optimizing STP.255.0 255.33 172.20.17.255.255.255.17.6. S2. Check results. Inc.255.

VTP advertises the new VLANs to S2 and S3. Task 4: Configure VLANs Step 1.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. All rights reserved.1: Skills Integration Challenge Step 1. Configure S1 as the server. Configure trunking on S1. click Check Results to see which required components are not yet completed. It may take a few minutes for Packet Tracer to simulate the VTP advertisements. Create the VLANs on S1. Assign the PC access ports to VLANs: • • VLAN 10: PC1 VLAN 20: PC2 Page 3 of 5 All contents are Copyright © 1992–2007 Cisco Systems. Step 2. Check results. Assign VLANs to access ports on S2 and S3. Use the appropriate commands to verify that S2 and S3 now have the VLANs you created on S1. Use CCNA as the VTP domain name. Check results. Your completion percentage should be 44%. Inc. and S3. S2. Configure the VTP domain name on all three switches. Configure S2 and S3 as clients. Create and name the following VLANs on S1 only. . This document is Cisco Public Information. Check results. Step 2. Task 3: Configure Trunking Step 1. click Check Results to see which required components are not yet completed. • • • • VLAN 10 Faculty/Staff VLAN 20 Students VLAN 88 Wireless(Guest) VLAN 99 Management&Default Step 2. If not. Configure the VTP mode on all three switches. If not. Step 3. Configure the appropriate interfaces in trunking mode and assign VLAN 99 as the native VLAN. Step 3. Your completion percentage should be 54%. Step 4. Use cisco as the VTP domain password. Configure the VTP domain password on all three switches. If not. click Check Results to see which required components are not yet completed. Verify that VLANs have been sent to S2 and S3. Task 5: Assign VLANs to Ports Step 1.6. Your completion percentage should be 21%.

If not. Step 2. Use the appropriate commands to verify your VLAN implementation. Step 2. Step 3. Step 4. Task 6: Configure STP Step 1. If not. All rights reserved. Step 2. Step 3. Inc. This document is Cisco Public Information. Task 7: Configure Router-on-a-Stick Inter-VLAN Routing Step 1. Configure the administration password as cisco123. Task 8: Configure Wireless Connectivity Step 1. Check results. Verify VLAN implementation. click Check Results to see which required components are not yet completed. Step 3. Check results. Step 2. The WEP for both is 12345ABCDE.1: Skills Integration Challenge Assign the wireless router access ports to VLAN 88. Page 4 of 5 . Use 4096 priority. Configure wireless network settings. click Check Results to see which required components are not yet completed. Verify that S1 is the root bridge. Configure PC3 and PC4 to access the network using DHCP. PC3 connects to the WRS2_LAN. Save the settings. Ensure that S1 is the root bridge for all spanning tree instances. Check results. click Check Results to see which required components are not yet completed. Configure IP Addressing for WRS2 and WRS3. Configure the Fa0/1 subinterfaces on R1 using the information from the addressing table. Then configure the static IP information under Internet Connection Type and save settings again. • • The SSIDs for the routers are WRS2_LAN and WRS3_LAN. Your completion percentage should be 66%. respectively. and PC4 connects to the WRS3_LAN. Configure subinterfaces.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7.6. Your completion percentage should be 79%. Configure LAN settings and then static addressing on the Internet interfaces for both WRS2 and WRS3 using the addresses from the topology. All contents are Copyright © 1992–2007 Cisco Systems. If not. Configure the wireless routers for remote access. Your completion percentage should be 61%. Note: A bug in Packet Tracer may prevent you from assigning the static IP address first. A workaround for this issue is to configure the LAN settings first under Network Setup.

Verify remote access capability. Step 2. This document is Cisco Public Information. All contents are Copyright © 1992–2007 Cisco Systems. Step 3. Step 4. Your completion percentage should be 100%. Check results. Inc. Page 5 of 5 . All rights reserved. Verify that PC1 and PC2 can ping each other. If not. Task 9: Verify End-to-End Connectivity Step 1. Verify that PC2 and PC3 can ping each other. click Check Results to see which required components are not yet completed.6.1: Skills Integration Challenge Step 5. Verify that PC3 and PC1 can ping each other.CCNA Exploration LAN Switching and Wireless: Basic Wireless Concepts and Configuration PT Activity 7. Step 6. Verify that PC1 and Web/TFTP Server can ping each other.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->